bug that allows google search to take me to a different site


Unread postby ottersea » December 13th, 2010, 1:54 pm

I have a computer running Windows XP SP3 and recently it has been acting up. I found a lot of spyware with Malwarebytes and Spybot but the problem is still there. When I use Google search and click on a link it takes me to an entirely different site. There has to be something in there but I cannot find it. Following is the HijackThis file and uninstall file. If you can see anything let me know. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:13 AM, on 12/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS.000\system32\nvsvc32.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.000\system32\pctspk.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Documents and Settings\admin\Application Data\OCS\SM\SearchAnonymizerHelper.exe
C:\WINDOWS.000\System32\snmp.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\ups.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.000\system32\RUNDLL32.EXE
C:\WINDOWS.000\system32\tbctray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.000\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc545.mail.yahoo.com/mc/welco ... r79a38d22/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.000\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.000\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.000\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.000\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\admin\Application Data\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS.000\system32\tbctray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9979722917
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.000\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.000\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.000\system32\pctspk.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\admin\Application Data\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS.000\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Unknown owner - C:\WINDOWS.000\system32\WFXSVC.EXE (file missing)

--
End of file - 11236 bytes

100% Free Chess 7.30
ABC Amber CHM Viewer
ACDSee Photo Manager 2009
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
ArcSoft PhotoStudio 2000
Ask Toolbar
ATI Win2k Display Driver
avast! Free Antivirus
BadCopy Pro
Bible Database 5.1
BIOS Update
CAM UnZip 4.42
Canon ScanGear Toolbox CS 2.2
CCleaner
CDCheck
Cool Edit Pro 2.0
DivX
DVDVideoSoftTB Toolbar
EASEUS Partition Manager 3.0 Home Edition
Exterminate It!
Fellowes/NEATO MediaFACE
FLV Converter 3.0
FLV Player 2.0 (build 25)
Free Audio Converter version 1.5
Gimp 2.6.2 Debug
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 20
jZip
LiveAdvisor (Symantec Corporation)
LiveUpdate
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2000
MightyFax
Mozilla Firefox (3.6.13)
MP3 Repair Tool v1.5.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Free Mahjong
Nikon Message Center
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX v8.10.13
Opanda IExif 2.3
ParetoLogic Data Recovery
Password Safe
PictureProject
PictureProject In Touch Downloader 1.0
Quicken 2008
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
RVer's Notebook
Search Toolbar
SearchAnonymizer
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
SightSpeed (remove only)
Sonic MyDVD-VR
Spybot - Search & Destroy
SpyHunter
SUPERAntiSpyware
SupportSoft Assisted Service
The Complete National Geographic
The Complete National Geographic
Tomb Raider: Underworld 1.1
Turtle Beach Santa Cruz Applications
Turtle Beach Santa Cruz Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
Windows XP Uninstall
ZoneAlarm
ZoneAlarm Toolbar

Thanks
Clay
ottersea@yahoo.com
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby MWR 3 day Mod » December 16th, 2010, 4:53 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 17th, 2010, 11:49 am

You have a lot of P2P applications on your machine, and excessive security programs, which will make your machine actually less secure.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included P2P programs, toolbars and start pages in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like imesh, utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O20 - AppInit_DLLs:
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS.000\SYSTEM32\ZoneLabs\vsmon.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Ad-Aware
Ask Toolbar
Ask Toolbar
Exterminate It!
Java(TM) 6 Update 20
LiveAdvisor (Symantec Corporation)
LiveUpdate
Search Toolbar
ZoneAlarm
ZoneAlarm Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Please download OTM and save to your Desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista or Win7, right-click on the file and choose Run As Administrator).
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code:
:processes
explorer.exe

:files
C:\Program Files\Ask.com
C:\Program Files\ZoneAlarm
C:\Program Files\iMesh Applications
C:\Program Files\ZoneAlarm
C:\Program Files\Search Toolbar
C:\Program Files\CheckPoint
C:\Program Files\Zone Labs

:commands
[purity]
[start explorer]
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot. Please copy and paste the contents in your reply.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the logs from OTM, CKScanner, and TDSSKiller.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
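
A triage pass over a HijackThis log like the one posted in this thread, as an added example (not part of the original posts and not the helper's own method). It parses the `R`/`O` entry lines and flags four things worth a closer look; the heuristics, function names and reason strings are assumptions chosen for illustration, and a flag means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: eleven entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\admin\Application Data\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\admin\Application Data\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: WinFax PRO (wfxsvc) - Unknown owner - C:\WINDOWS.000\system32\WFXSVC.EXE (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# "R1 - ..." / "O23 - ..." entry lines; everything else (header, process list) is skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Display name of a browser add-on entry (R3 search hook, O2 BHO, O3 toolbar).
LABEL_RE = re.compile(r"^(?:BHO|Toolbar|URLSearchHook): (?P<label>.*?) - \{")


def parse(log_text):
    """Return one dict per HijackThis entry line: code, body, clsid, label."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        label = LABEL_RE.match(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs appear in mixed case in the log, so normalise before comparing.
            "clsid": clsid.group(0).upper() if clsid else None,
            "label": label.group("label") if label else None,
        })
    return entries


def triage(entries):
    """Return [(entry, [reasons])] for entries matching the illustrative heuristics."""
    # Collect the display names each CLSID is registered under, ignoring "(no name)".
    labels = defaultdict(set)
    for e in entries:
        if e["clsid"] and e["label"] and e["label"] != "(no name)":
            labels[e["clsid"]].add(e["label"])

    findings = []
    for e in entries:
        low = e["body"].lower()
        reasons = []
        if "(no file)" in low:
            reasons.append("registration points at no file (leftover entry)")
        if "(file missing)" in low:
            reasons.append("target file is missing on disk")
        if e["code"] == "O23" and "unknown owner" in low:
            reasons.append("service listed with 'Unknown owner'")
        if e["code"] in ("O4", "O23") and "\\application data\\" in low:
            reasons.append("autostart runs from a user-profile directory")
        if e["clsid"] and len(labels[e["clsid"]]) > 1:
            names = ", ".join(sorted(labels[e["clsid"]]))
            reasons.append("same CLSID registered under different names: " + names)
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse(SAMPLE_LOG)):
        print(entry["code"], "-", entry["body"])
        for reason in reasons:
            print("    *", reason)
```
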

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 17th, 2010, 2:26 pm

Did as instructed and the following files were made:
OTM File
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
File/Folder C:\Program Files\ZoneAlarm not found.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\components folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome\content folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar\chrome folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\ToolBar folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar\DataMngr folder moved successfully.
C:\Program Files\iMesh Applications\MediaBar folder moved successfully.
C:\Program Files\iMesh Applications\iMesh folder moved successfully.
C:\Program Files\iMesh Applications folder moved successfully.
File/Folder C:\Program Files\ZoneAlarm not found.
C:\Program Files\Search Toolbar folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField folder moved successfully.
C:\Program Files\CheckPoint folder moved successfully.
File/Folder C:\Program Files\Zone Labs not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 19607207 bytes
->Java cache emptied: 22885915 bytes
->FireFox cache emptied: 69168199 bytes
->Flash cache emptied: 7044 bytes

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Clay
->Temp folder emptied: 1586861960 bytes
->Java cache emptied: 116627 bytes
->FireFox cache emptied: 85871445 bytes
->Flash cache emptied: 57351 bytes

User: Clay_2
->Temp folder emptied: 3254891426 bytes
->Java cache emptied: 5513603 bytes
->FireFox cache emptied: 162063615 bytes
->Flash cache emptied: 140754 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 1038252 bytes
->FireFox cache emptied: 4130842 bytes

User: LocalService
->Temp folder emptied: 2045560 bytes

User: NetworkService
->Temp folder emptied: 1979576 bytes

User: sharon

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6741814 bytes
%systemroot%\System32 .tmp files removed: 176247615 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1095993 bytes
Session Manager Temp folder emptied: 16384 bytes
Session Manager Tmp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64872400 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34256 bytes
RecycleBin emptied: 381387992 bytes

Total Files Cleaned = 5,576.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12172010_120343

Files moved on Reboot...
File move failed. C:\WINDOWS.000\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS.000\temp\Perflib_Perfdata_61c.dat moved successfully.

Registry entries deleted on Reboot...

CKS Scanner file:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11
----- EOF -----

TDSS Killer file:
2010/12/17 12:19:09.0703 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/17 12:19:09.0703 ================================================================================
2010/12/17 12:19:09.0703 SystemInfo:
2010/12/17 12:19:09.0703
2010/12/17 12:19:09.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/17 12:19:09.0703 Product type: Workstation
2010/12/17 12:19:09.0703 ComputerName: OTTERSEA
2010/12/17 12:19:09.0703 UserName: admin
2010/12/17 12:19:09.0703 Windows directory: C:\WINDOWS.000
2010/12/17 12:19:09.0703 System windows directory: C:\WINDOWS.000
2010/12/17 12:19:09.0703 Processor architecture: Intel x86
2010/12/17 12:19:09.0703 Number of processors: 2
2010/12/17 12:19:09.0703 Page size: 0x1000
2010/12/17 12:19:09.0703 Boot type: Normal boot
2010/12/17 12:19:09.0703 ================================================================================
2010/12/17 12:19:10.0015 Initialize success
2010/12/17 12:19:29.0296 ================================================================================
2010/12/17 12:19:29.0296 Scan started
2010/12/17 12:19:29.0296 Mode: Manual;
2010/12/17 12:19:29.0296 ================================================================================
2010/12/17 12:19:48.0671 ================================================================================
2010/12/17 12:19:48.0671 Scan finished
2010/12/17 12:19:48.0671 ================================================================================

Thanks for your assistance.
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Post by askey127 » December 17th, 2010, 6:24 pm

ottersea,
I think you have had an infection called Bamital.D
It's quite serious. It looks like one of your security programs deleted a critical infected file (explorer.exe) instead of just giving you a warning.
Have you ever had AVG installed on this machine in the last several months?
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    explorer.exe
    hlp.dat
    wininit.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Post by ottersea » December 17th, 2010, 8:14 pm

Thanks, here is the SystemLook file:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:12 on 17/12/2010 by admin
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS.000\explorer.exe --a---- 1033728 bytes [17:03 24/07/2010] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS.000\$NtServicePackUninstall$\explorer.exe -----c- 1004032 bytes [18:13 24/07/2010] [12:00 31/03/2003] A82B28BFC2E4455FE43022A498C0EF0A
C:\WINDOWS.000\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [18:22 24/07/2010] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "hlp.dat"
No files found.

Searching for "wininit.exe"
No files found.

-= EOF =-

Re: bug that allows google search to take me to a different

Post by ottersea » December 17th, 2010, 8:24 pm

Forgot to mention. I have never had AVG on the puter. The only thing I have been using for the last year or so has been Avast free antivirus. thanks

Re: bug that allows google search to take me to a different

Post by askey127 » December 17th, 2010, 8:46 pm

OK.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    winlogon.exe
    explorer.dat
    winlogon.dat
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127

Re: bug that allows google search to take me to a different

Post by ottersea » December 18th, 2010, 12:04 pm

SystemLook scan results:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:21 on 18/12/2010 by admin
Administrator - Elevation successful

========== filefind ==========

Searching for "winlogon.exe"
C:\WINDOWS.000\$NtServicePackUninstall$\winlogon.exe -----c- 516608 bytes [18:12 24/07/2010] [12:00 31/03/2003] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\WINDOWS.000\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [18:25 24/07/2010] [10:42 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS.000\SYSTEM32\winlogon.exe --a---- 507904 bytes [17:02 24/07/2010] [10:42 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "explorer.dat"
No files found.

Searching for "winlogon.dat"
No files found.

-= EOF =-


Also I noticed that you had me remove Java update 20. Is Java not needed for many internet sites to run??
Thanks
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm
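
Both SystemLook filefind logs above list each copy of a system file with its size and MD5, which lets the live copy be checked against the service-pack cache copy on the same disk. The Python below is an added example, not part of the thread or of SystemLook: the line layout is taken from the logs above, and the comparison rule and the names `parse_filefind` and `review` are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: the filefind sections of the two SystemLook logs posted
# above, joined into one text so the example runs offline.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS.000\explorer.exe --a---- 1033728 bytes [17:03 24/07/2010] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS.000\$NtServicePackUninstall$\explorer.exe -----c- 1004032 bytes [18:13 24/07/2010] [12:00 31/03/2003] A82B28BFC2E4455FE43022A498C0EF0A
C:\WINDOWS.000\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [18:22 24/07/2010] [10:42 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "hlp.dat"
No files found.

Searching for "winlogon.exe"
C:\WINDOWS.000\$NtServicePackUninstall$\winlogon.exe -----c- 516608 bytes [18:12 24/07/2010] [12:00 31/03/2003] 2246D8D8F4714A2CEDB21AB9B1849ABB
C:\WINDOWS.000\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [18:25 24/07/2010] [10:42 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS.000\SYSTEM32\winlogon.exe --a---- 507904 bytes [17:02 24/07/2010] [10:42 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

-= EOF =-
"""

# 'Searching for "name"' opens a section; each hit is one line of
# path, 7 attribute flags, size, two bracketed timestamps and an MD5.
SEARCH = re.compile(r'^Searching for "([^"]+)"$')
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log_text):
    """Return {searched name: [{path, size, md5}, ...]} from a filefind log."""
    results, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SEARCH.match(line)
        if header:
            current = header.group(1).lower()
            results[current] = []
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            results[current].append({
                "path": entry.group("path"),
                "size": int(entry.group("size")),
                "md5": entry.group("md5").upper(),
            })
    return results


def review(results, windir):
    """Compare live copies (windir, windir\\system32) with the cache copy.

    Assumption of this example: the ServicePackFiles\\i386 copy is used as
    the local reference for what the live file should look like.
    """
    root = windir.lower().rstrip("\\")
    live_dirs = {root, root + "\\system32"}
    cache_dir = root + "\\servicepackfiles\\i386"
    verdicts = {}
    for name, copies in results.items():
        if not copies:
            verdicts[name] = "not found"
            continue
        live = [c for c in copies if ntpath.dirname(c["path"]).lower() in live_dirs]
        cache = [c for c in copies if ntpath.dirname(c["path"]).lower() == cache_dir]
        if not live:
            verdicts[name] = "no live copy"        # e.g. deleted by a scanner
        elif not cache:
            verdicts[name] = "no reference copy"   # nothing local to compare with
        elif all(c["md5"] == cache[0]["md5"] and c["size"] == cache[0]["size"]
                 for c in live):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    # C:\WINDOWS.000 is the Windows directory reported in the logs above.
    for name, verdict in review(parse_filefind(SAMPLE_LOG), r"C:\WINDOWS.000").items():
        print(f"{name}: {verdict}")
```

A match only shows that the live file equals the cached copy on the same machine; it does not by itself establish that either copy is the vendor's original.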

Re: bug that allows google search to take me to a different

Post by askey127 » December 18th, 2010, 3:52 pm

ottersea,
Java is necessary to interact with some sites, like filling in forms, etc.
Out-of-date ones provide a conduit for infections, so have to be removed. New one is here:
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 23 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop (or right-click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.

Tell me what you are seeing, and how the machine is running.
askey127

Re: bug that allows google search to take me to a different

Post by ottersea » December 19th, 2010, 11:18 am

The internet seems to be running faster now but I am still having a problem with google search taking me to the wrong sites running under firefox 3.6. Case in point:

I google malwarebytes and get the results, one of which is MALWAREBYTES' ANTI MALWARE: MALWAREBTTES
I highlight that with the cursor and it shows at the bottom of the screen: http://xml.goldresults.net/c.php?p= ( a whole lot of numbers and letters that run off the screen)
I click on it and it takes me to: http://www.webroot.com/En_US/land-ss-fr ... ml/?rc=277

On another google for macrovision software manager that I once had on the computer

I get a result of: http://www.bleepingcomputer.com/forums/topic95561.html
I highlight that link and get: http://64.111.212.234/c.php?s= (again a lot of numbers and letters that run off the screen)
I click on that link and get a screen with: 504 Gateway Timeout

I don't know what is causing this to happen. Any ideas??

Re: bug that allows google search to take me to a different

Post by ottersea » December 19th, 2010, 5:28 pm

Update from my last post.
I uninstalled firefox, rebooted and reinstalled a new copy of firefox. All seems to be working now and not redirecting. I do not know if the bug messed this up or not. Since the redirect was still happening after all the fixes do I need to do the fixes again now that firefox has apparently been fixed? Thanks.

Re: bug that allows google search to take me to a different

Post by askey127 » December 20th, 2010, 4:59 pm

ottersea,
I don't think so.
The infections that alter Firefox just change the search settings and obscure them.

You can delete OTM from your desktop. We are going to use a different tool.
It should tell us if the Firefox settings are OK.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

askey127

Re: bug that allows google search to take me to a different

Post by ottersea » December 20th, 2010, 8:28 pm

Here are the OTL results:

Otl.txt file:

OTL logfile created on: 12/20/2010 6:21:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 66.35 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 18:14:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/12/17 11:26:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/12 10:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/01/30 09:35:16 | 000,451,920 | ---- | M] (ACD Systems) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe
PRC - [2006/11/14 00:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2002/04/17 14:51:08 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS.000\SYSTEM32\tbctray.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS.000\SYSTEM32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 18:14:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS.000\System32\WFXSVC.EXE -- (wfxsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS.000\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS.000\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/07/09 16:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 17:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/06/02 17:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/26 15:17:06 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/11/25 17:18:26 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\epmntdrv.sys -- (epmntdrv)
DRV - [2008/11/25 17:18:22 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/10/30 20:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/16 08:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.000\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 21:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\sisnic.sys -- (SISNIC)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 12:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\igxpmp32.sys -- (ialm)
DRV - [2006/11/27 11:19:46 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 07:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 07:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 07:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 07:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 07:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 07:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 07:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 07:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 07:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2006/09/15 08:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 08:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 08:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Monfilt.sys -- (Monfilt)
DRV - [2005/03/16 00:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\BIOS.sys -- (BIOS)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2002/08/28 22:16:16 | 000,450,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2002/04/17 14:51:08 | 000,545,088 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tbcwdm.sys -- (tbcwdm)
DRV - [2002/04/17 14:51:08 | 000,144,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tbcspud.sys -- (tbcspud)
DRV - [2002/03/21 19:44:32 | 000,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 11:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 11:12:14 | 000,019,016 | ---- | M] (Kingston Technology Company ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\KTC111.SYS -- (KTC111)
DRV - [2000/05/22 19:08:04 | 000,031,470 | ---- | M] (Network Everywhere) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\NC100A.sys -- (NC100) Network Everywhere Fast Ethernet Adapter(NC100 v2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc545.mail.yahoo.com/mc/welco ... r79a38d22/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://us.mc545.mail.yahoo.com/mc/welco ... r79a38d22/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS.000\SYSTEM32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 02:00:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/19 08:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 15:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/19 15:21:34 | 000,000,000 | ---D | M]

[2010/12/19 15:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/12/19 15:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/19 11:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/20 18:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\cirveo8y.default\extensions
[2010/12/20 18:17:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\cirveo8y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 15:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 15:21:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/20 14:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/06 11:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/23 15:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 08:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/12 11:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/06 17:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/12/19 08:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/03 13:35:08 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/03 13:35:08 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/12/19 08:49:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/12/03 13:35:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/12/03 11:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/12/03 11:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/12/03 11:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/03 11:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/12/03 11:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/03 11:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/12/03 11:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS.000\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS.000\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS.000\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.000\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.000\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS.000\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.000\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS.000\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS.000\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.000\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.000\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9979722917 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.142.136.220 64.91.3.46
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS.000\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.000\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS.000\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.000\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS.000\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.000\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.000\system32\userinit.exe) - C:\WINDOWS.000\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS.000\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS.000\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.000\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS.000\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS.000\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS.000\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS.000\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS.000\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS.000\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS.000\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS.000\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.000\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS.000\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS.000\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS.000\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS.000\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS.000\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS.000\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS.000\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS.000\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS.000\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS.000\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/15 04:16:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 08:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/19 08:49:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaws.exe
[2010/12/19 08:49:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaw.exe
[2010/12/19 08:49:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\java.exe
[2010/12/19 08:49:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javacpl.cpl
[2010/12/19 08:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/17 12:14:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\tdsskiller.exe
[2010/12/17 12:03:43 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/17 11:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\Internet Logs
[2010/12/17 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\IO
[2010/12/15 17:28:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndproxy.sys
[2010/12/15 17:27:25 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\wab.exe
[2010/12/13 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/12/11 09:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/11 09:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Temp
[2010/12/11 09:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Google
[2010/12/11 09:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uniblue
[2010/12/11 09:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/12/11 09:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/10 00:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\shareazamediabartb
[2010/12/10 00:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\imeshmediabartb
[2010/12/08 22:00:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mfc42.dll
[2010/12/08 22:00:34 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mfc40u.dll
[2010/12/08 22:00:07 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\srv.sys
[2010/12/08 21:59:33 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mrxsmb.sys
[2010/12/08 21:59:05 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\aclayers.dll
[2010/12/08 21:56:39 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\helpsvc.exe
[2010/12/08 21:55:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\t2embed.dll
[2010/12/08 21:55:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\fontsub.dll
[2010/12/08 21:53:39 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ntkrnlmp.exe
[2010/12/08 21:53:38 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ntoskrnl.exe
[2010/12/08 21:53:38 | 002,066,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ntkrnlpa.exe
[2010/12/08 21:53:38 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ntkrpamp.exe
[2010/12/08 21:50:02 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\rmcast.sys
[2010/12/08 21:48:32 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\msadce.dll
[2010/12/08 21:45:24 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\moviemk.exe
[2010/12/08 21:44:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\netapi32.dll
[2010/12/08 21:43:56 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\jscript.dll
[2010/12/08 21:43:10 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\comctl32.dll
[2010/12/08 20:55:22 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\rpcrt4.dll
[2010/12/08 18:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\AskToolbar
[2010/12/07 18:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/12/07 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\2120678167
[2010/12/07 18:48:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\Application Data\Desktop
[2010/12/06 15:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\FrostWire
[2010/12/05 14:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\eCalc Calculator
[2006/11/23 13:06:02 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS.000\System32\DivXGraphBuilderCallback.dll
[33 C:\WINDOWS.000\Fonts\*.tmp files -> C:\WINDOWS.000\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\admin\*.tmp files -> C:\Documents and Settings\admin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 18:18:35 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\OTL.lnk
[2010/12/20 18:17:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/12/20 18:15:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl
[2010/12/20 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS.000\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/20 17:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\tasks\Uninstall Expiration Reminder.job
[2010/12/20 15:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS.000\tasks\Ad-Aware Update (Weekly).job
[2010/12/20 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Registration.job
[2010/12/19 15:21:38 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/19 15:21:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/19 15:16:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat
[2010/12/19 15:16:49 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/19 14:55:45 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/19 14:53:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/12/19 08:49:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\deployJava1.dll
[2010/12/19 08:49:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaws.exe
[2010/12/19 08:49:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaw.exe
[2010/12/19 08:49:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\java.exe
[2010/12/19 08:49:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javacpl.cpl
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Update Version2.job
[2010/12/17 18:07:29 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SystemLook.lnk
[2010/12/17 13:54:06 | 000,331,488 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT
[2010/12/17 13:53:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS.000\imsins.BAK
[2010/12/17 12:14:53 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\tdsskiller.exe
[2010/12/17 12:09:49 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CKScanner.exe
[2010/12/17 12:02:29 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\OTM.lnk
[2010/12/16 01:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
[2010/12/15 16:10:49 | 000,000,247 | RHS- | M] () -- C:\boot.ini
[2010/12/13 11:42:42 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2010/12/11 10:05:13 | 000,257,972 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20101211_100454.reg
[2010/12/11 09:56:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 14:28:04 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SpyHunter.lnk
[2010/12/10 12:27:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 00:27:03 | 000,004,212 | -H-- | M] () -- C:\WINDOWS.000\System32\zllictbl.dat
[2010/12/10 00:24:25 | 000,439,436 | ---- | M] () -- C:\WINDOWS.000\System32\perfh009.dat
[2010/12/10 00:24:25 | 000,071,132 | ---- | M] () -- C:\WINDOWS.000\System32\perfc009.dat
[2010/12/10 00:19:55 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/10 00:19:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT
[2010/12/09 07:57:46 | 000,001,185 | ---- | M] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/09 07:34:00 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\admin\.recently-used.xbel
[2010/12/07 18:49:09 | 000,203,776 | -HS- | M] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\tasks\Tune-up Application Start.job
[2010/12/01 10:35:53 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ACDSee Photo Manager 2009.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\admin\*.tmp files -> C:\Documents and Settings\admin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 18:18:35 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\OTL.lnk
[2010/12/20 18:17:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/12/19 15:21:38 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/19 15:21:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/19 14:53:49 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/12/17 18:07:29 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SystemLook.lnk
[2010/12/17 12:09:45 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\CKScanner.exe
[2010/12/17 12:02:14 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\OTM.lnk
[2010/12/15 16:11:51 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/13 11:42:42 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2010/12/11 10:04:59 | 000,257,972 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20101211_100454.reg
[2010/12/11 09:56:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 14:28:04 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SpyHunter.lnk
[2010/12/10 12:27:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/09 07:34:00 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\admin\.recently-used.xbel
[2010/12/08 18:47:54 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/07 18:50:17 | 000,001,185 | ---- | C] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/06 15:22:45 | 000,000,234 | ---- | C] () -- C:\WINDOWS.000\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/05 14:30:05 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/11/10 21:17:43 | 000,000,260 | ---- | C] () -- C:\WINDOWS.000\MSREGUSR.INI
[2010/07/24 02:43:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS.000\System32\igfxCoIn_v4926.dll
[2010/06/29 20:01:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS.000\System32\DLAAPI_W.DLL
[2010/05/27 08:49:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS.000\A4W.INI
[2010/05/27 08:47:38 | 000,001,212 | ---- | C] () -- C:\WINDOWS.000\pstudio.ini
[2010/05/27 08:47:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS.000\album.ini
[2010/05/27 08:47:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS.000\Ps_setup.ini
[2010/03/10 16:23:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS.000\System32\fxsperf.ini
[2010/02/11 10:18:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS.000\MFPD.INI
[2009/11/23 15:44:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Smiley.ico
[2009/09/24 08:45:32 | 000,000,388 | ---- | C] () -- C:\WINDOWS.000\ODBC.INI
[2009/05/25 12:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 12:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\ATIMMC.INI
[2009/04/21 17:41:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS.000\QBChanUtil_Trigger.ini
[2009/04/03 09:14:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\PEZDOWNLOAD.INI
[2009/03/27 15:40:42 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\rx_audio.Cache
[2009/03/21 17:48:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2009/03/18 09:53:18 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/03/13 08:18:21 | 000,000,814 | ---- | C] () -- C:\WINDOWS.000\CDFACE32.INI
[2009/03/13 08:18:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS.000\System32\LFKODAK.DLL
[2009/03/13 08:18:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS.000\System32\LFFPX7.DLL
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Printers
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\admin\Application Data\Pop Flute
[2009/02/28 13:49:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/02/24 18:56:22 | 000,000,718 | ---- | C] () -- C:\WINDOWS.000\WINHELP.INI
[2009/02/24 07:43:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2009/02/19 18:48:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\rx_image.Cache
[2009/02/18 21:43:22 | 000,012,327 | ---- | C] () -- C:\WINDOWS.000\IOS.INI
[2009/02/18 21:43:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS.000\DELETEFI.INI
[2009/02/18 21:43:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS.000\HTMLHELP.INI
[2009/02/18 21:43:22 | 000,003,146 | ---- | C] () -- C:\WINDOWS.000\TELEPHON.INI
[2009/02/18 21:43:22 | 000,002,379 | ---- | C] () -- C:\WINDOWS.000\LEXSTAT.INI
[2009/02/18 21:43:22 | 000,001,119 | ---- | C] () -- C:\WINDOWS.000\dop.ini
[2009/02/18 21:43:22 | 000,000,865 | ---- | C] () -- C:\WINDOWS.000\DOSREP.INI
[2009/02/18 21:43:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS.000\SCANREG.INI
[2009/02/18 21:43:22 | 000,000,643 | ---- | C] () -- C:\WINDOWS.000\wininit.ini
[2009/02/18 21:43:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS.000\LEXHBP.INI
[2009/02/18 21:43:22 | 000,000,124 | ---- | C] () -- C:\WINDOWS.000\QTW.INI
[2009/02/18 21:43:22 | 000,000,074 | ---- | C] () -- C:\WINDOWS.000\voydll.ini
[2009/02/18 21:43:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS.000\EXCHNG32.INI
[2009/02/18 21:43:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS.000\MSOFFICE.INI
[2009/02/18 21:43:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS.000\vautorun.ini
[2009/02/18 21:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\progman.ini
[2009/02/18 21:43:21 | 000,007,885 | ---- | C] () -- C:\WINDOWS.000\NETDET.INI
[2009/02/18 21:43:21 | 000,000,122 | ---- | C] () -- C:\WINDOWS.000\PROTOCOL.INI
[2009/02/18 21:43:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS.000\POWERPNT.INI
[2009/02/18 21:43:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS.000\WAVEMIX.INI
[2009/02/18 21:34:52 | 000,004,337 | ---- | C] () -- C:\WINDOWS.000\ODBCINST.INI
[2009/02/18 21:19:28 | 001,822,720 | ---- | C] () -- C:\WINDOWS.000\System32\cmiwcnfg.dll
[2009/02/18 14:20:31 | 000,472,064 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFormat.dll
[2009/02/18 14:20:31 | 000,180,736 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceManager.dll
[2009/02/18 14:20:31 | 000,139,776 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSCopy.dll
[2009/02/18 14:20:31 | 000,093,184 | ---- | C] () -- C:\WINDOWS.000\System32\Partition.dll
[2009/02/18 14:20:31 | 000,086,528 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSLib.dll
[2009/02/18 14:20:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS.000\System32\ResizeNTFS.dll
[2009/02/18 14:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS.000\System32\Device.dll
[2009/02/18 14:20:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\FatCopy.dll
[2009/02/18 14:20:31 | 000,061,952 | ---- | C] () -- C:\WINDOWS.000\System32\FatResizeMove.dll
[2009/02/18 14:20:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemCheck.dll
[2009/02/18 14:20:31 | 000,031,744 | ---- | C] () -- C:\WINDOWS.000\System32\FatLib.dll
[2009/02/18 14:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS.000\System32\FATFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,024,576 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\FatFormat.dll
[2009/02/18 14:20:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS.000\System32\Fixup.dll
[2009/02/18 14:20:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS.000\System32\SectorCopy.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\EuEpmGdi.dll
[2009/02/18 14:20:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceAdapter.dll
[2009/02/18 14:20:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS.000\System32\epmntdrv.sys
[2009/02/18 14:20:31 | 000,006,656 | ---- | C] () -- C:\WINDOWS.000\System32\CallbackOperator.dll
[2009/02/18 14:20:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\EuGdiDrv.sys
[2009/02/18 13:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS.000\QUICKEN.INI
[2009/02/15 04:11:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS.000\System32\OEMINFO.INI
[2009/02/06 20:28:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\lxpnpapw.dll
[2009/02/06 06:54:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS.000\System32\MSVCRT10.DLL
[2009/02/05 23:39:53 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS.000\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelFrench.dll
[2006/12/20 12:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\System32\px.ini
[2006/11/26 23:01:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS.000\System32\CddbPlaylist2Roxio.dll
[2006/11/26 23:01:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS.000\System32\CddbFileTaggerRoxio.dll
[2006/10/17 06:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS.000\System32\besched.dll
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS.000\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS.000\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS.000\System32\qt-dx331.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS.000\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS.000\System32\lockres.dll
[2003/03/31 06:00:00 | 000,209,010 | ---- | C] () -- C:\WINDOWS.000\System32\_004610_.tmp.dll
[2003/03/31 06:00:00 | 000,021,116 | ---- | C] () -- C:\WINDOWS.000\System32\_004577_.tmp.dll
[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS.000\System32\MEMBG.DLL
[1999/04/23 22:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS.000\System32\ICMFILTER.DLL
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/05/25 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ACD Systems
[2010/09/27 10:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Canon
[2010/01/23 10:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\CheckPoint
[2010/11/11 07:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2010/12/08 08:36:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Application Data\Desktop
[2010/06/10 10:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\eMusic
[2010/06/12 08:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FreeAudioPack
[2010/12/06 15:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FrostWire
[2009/09/14 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\GrabPro
[2010/05/25 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\gtk-2.0
[2010/12/10 00:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\imeshmediabartb
[2009/02/18 21:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\InterTrust
[2009/03/18 09:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Nikon
[2010/09/13 12:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OCS
[2010/09/13 12:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Opera
[2009/09/14 11:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Orbit
[2010/12/19 15:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PriceGong
[2010/12/10 00:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\shareazamediabartb
[2010/12/11 09:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Uniblue
[2010/12/08 18:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\uTorrent
[2010/06/09 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\92AF
[2009/06/29 10:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/15 08:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 11:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/21 17:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/02/18 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/03/24 11:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/12 10:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/04/22 15:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/09/19 14:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/07 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/20 15:53:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS.000\Tasks\Ad-Aware Update (Weekly).job
[2010/12/20 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Registration.job
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Update Version2.job
[2010/12/20 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS.000\Tasks\Scheduled Update for Ask Toolbar.job
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\Tasks\Tune-up Application Start.job
[2010/12/20 17:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\Tasks\Uninstall Expiration Reminder.job
[2010/01/29 11:26:55 | 000,000,106 | ---- | M] () -- C:\WINDOWS.000\Tasks\UPS System Shutdown Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Wondershare Media Converter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Emicsoft Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\Desktop\My eMusic:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Extras.txt file:

OTL Extras logfile created on: 12/20/2010 6:21:37 PM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 66.35 Gb Free Space | 59.35% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\360Share Pro\Gui\360SharePro.exe" = C:\Program Files\360Share Pro\Gui\360SharePro.exe:*:Disabled:360Share Pro -- File not found
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{00180408-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3636C923-7AD6-4DE3-978A-09609AEE8ECF}" = SpyHunter
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D8D3D58-3E27-11D4-8FDD-00104B302D82}" = Turtle Beach Santa Cruz Applications
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"ABC Amber CHM Viewer" = ABC Amber CHM Viewer
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Win2k Display Driver
"avast5" = avast! Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Bible Database_is1" = Bible Database 5.1
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CCleaner" = CCleaner
"CDCheck" = CDCheck
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CUZ4_is1" = CAM UnZip 4.42
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EASEUS Partition Manager Home Edition_is1" = EASEUS Partition Manager 3.0 Home Edition
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio Converter_is1" = Free Audio Converter version 1.5
"FreeChess" = 100% Free Chess 7.30
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MightyFaxVersion3_is1" = MightyFax
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Free Mahjong_is1" = My Free Mahjong
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opanda IExif_is1" = Opanda IExif 2.3
"Password Safe" = Password Safe
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"RVer's Notebook" = RVer's Notebook
"SightSpeed" = SightSpeed (remove only)
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows" = Windows XP Uninstall
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/30/2010 5:54:30 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 4/30/2010 7:51:07 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/2/2010 9:40:18 AM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/2/2010 1:26:12 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/2/2010 1:26:20 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/2/2010 2:45:45 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/4/2010 1:02:03 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/5/2010 11:28:54 AM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/5/2010 11:29:05 AM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

Error - 5/10/2010 6:53:36 PM | Computer Name = OTTERSEA | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/10/2010 2:38:14 AM | Computer Name = OTTERSEA | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2010 2:40:00 AM | Computer Name = OTTERSEA | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 12/10/2010 2:40:04 AM | Computer Name = OTTERSEA | Source = Application Error | ID = 1001
Description = Fault bucket 1117009375.

Error - 12/10/2010 2:16:16 PM | Computer Name = OTTERSEA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 12/10/2010 2:16:25 PM | Computer Name = OTTERSEA | Source = Application Error | ID = 1001
Description = Fault bucket 1228193292.

Error - 12/11/2010 4:48:39 PM | Computer Name = OTTERSEA | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/11/2010 4:48:42 PM | Computer Name = OTTERSEA | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 12/15/2010 8:58:34 PM | Computer Name = OTTERSEA | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2010 8:58:41 PM | Computer Name = OTTERSEA | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/16/2010 10:35:58 PM | Computer Name = OTTERSEA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module ole32.dll, version 5.1.2600.6010, fault address 0x0001d699.

[ System Events ]
Error - 12/17/2010 2:00:24 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/17/2010 2:00:24 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/17/2010 2:03:43 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7034
Description = The SpyHunter 4 Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/17/2010 2:03:43 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/17/2010 2:03:43 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/17/2010 2:03:43 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7034
Description = The PCTEL Speaker Phone service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/17/2010 2:03:43 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7034
Description = The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/17/2010 2:06:52 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7000
Description = The WinFax PRO service failed to start due to the following error:
%%2

Error - 12/17/2010 3:54:32 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7000
Description = The WinFax PRO service failed to start due to the following error:
%%2

Error - 12/19/2010 5:17:13 PM | Computer Name = OTTERSEA | Source = Service Control Manager | ID = 7000
Description = The WinFax PRO service failed to start due to the following error:
%%2


< End of report >

Thanks.
Clay
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Post by askey127 » December 21st, 2010, 7:53 am

ottersea,
Good progress.
Note: DO NOT use CCleaner or any other program to Clean, Modify, Optimize, or "Boost" the registry.
Registry utilities don't do any good, and if they make the slightest mistake, they can break your machine.


You have too many anti-spyware programs. We will take care of that later.
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS.000\System32\WFXSVC.EXE -- (wfxsvc)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
    [2009/03/20 14:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    [2009/04/06 11:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [2009/06/23 15:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    [2009/08/05 08:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    [2009/11/12 11:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/04/06 17:28:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" =-
    "C:\Program Files\uTorrent\uTorrent.exe" =-
    "C:\Program Files\360Share Pro\Gui\360SharePro.exe" =-
    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" =-
    
    :Files
    C:\Documents and Settings\admin\Application Data\shareazamediabartb
    C:\Documents and Settings\admin\Application Data\imeshmediabartb
    C:\Documents and Settings\admin\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\admin\Application Data\FrostWire
    C:\WINDOWS.000\tasks\Scheduled Update for Ask Toolbar.job
    C:\WINDOWS.000\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS.000\System32\zllictbl.dat
    C:\WINDOWS.000\System32\perfh009.dat
    C:\WINDOWS.000\System32\perfc009.dat
    C:\WINDOWS.000\tasks\Scheduled Update for Ask Toolbar.job
    C:\Documents and Settings\admin\Application Data\imeshmediabartb
    C:\Documents and Settings\admin\Application Data\shareazamediabartb
    C:\Documents and Settings\admin\Application Data\uTorrent
    C:\Documents and Settings\All Users\Application Data\RegCure
    C:\WINDOWS.000\Tasks\Scheduled Update for Ask Toolbar.job
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------------------
Download IE8 and install it (you can use Firefox for the download):
http://www.microsoft.com/windows/intern ... sites.aspx
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis.
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA