Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

bug that allows google search to take me to a different site

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 21st, 2010, 11:08 am

OTL logfile:

OTL logfile created on: 12/21/2010 9:04:26 AM - Run 2
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 72.12 Gb Free Space | 64.52% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/20 18:14:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/12 10:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/01/30 09:35:16 | 000,451,920 | ---- | M] (ACD Systems) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe
PRC - [2006/11/14 00:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2002/04/17 14:51:08 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS.000\SYSTEM32\tbctray.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS.000\SYSTEM32\pctspk.exe


========== Modules (SafeList) ==========

MOD - [2010/12/20 18:14:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS.000\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS.000\SYSTEM32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/07/09 16:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/04/13 17:45:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 17:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/06/02 17:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/26 15:17:06 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2008/11/25 17:18:26 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\epmntdrv.sys -- (epmntdrv)
DRV - [2008/11/25 17:18:22 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/10/30 20:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/16 08:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS.000\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 21:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\sisnic.sys -- (SISNIC)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 12:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\igxpmp32.sys -- (ialm)
DRV - [2006/11/27 11:19:46 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2006/11/01 07:59:36 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/11/01 07:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/11/01 07:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/11/01 07:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/11/01 07:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/11/01 07:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/11/01 07:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/11/01 07:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/25 07:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2006/09/15 08:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/15 08:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/09/15 08:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\Monfilt.sys -- (Monfilt)
DRV - [2005/03/16 00:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\BIOS.sys -- (BIOS)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2002/08/28 22:16:16 | 000,450,176 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2002/04/17 14:51:08 | 000,545,088 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tbcwdm.sys -- (tbcwdm)
DRV - [2002/04/17 14:51:08 | 000,144,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\tbcspud.sys -- (tbcspud)
DRV - [2002/03/21 19:44:32 | 000,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS.000\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 11:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 11:12:14 | 000,019,016 | ---- | M] (Kingston Technology Company ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\KTC111.SYS -- (KTC111)
DRV - [2000/05/22 19:08:04 | 000,031,470 | ---- | M] (Network Everywhere) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\NC100A.sys -- (NC100) Network Everywhere Fast Ethernet Adapter(NC100 v2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc545.mail.yahoo.com/mc/welco ... r79a38d22/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://us.mc545.mail.yahoo.com/mc/welco ... r79a38d22/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?&.src=ym"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/19 15:21:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/19 15:21:34 | 000,000,000 | ---D | M]

[2010/12/19 15:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2009/03/19 11:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/20 18:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\cirveo8y.default\extensions
[2010/12/20 18:17:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\cirveo8y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 09:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 08:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/19 08:49:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS.000\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.000\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.000\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS.000\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9979722917 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.142.136.220 64.91.3.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS.000\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/15 04:16:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 08:59:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/19 08:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/19 08:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/17 12:14:42 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\tdsskiller.exe
[2010/12/17 12:03:43 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/17 11:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\Internet Logs
[2010/12/17 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\IO
[2010/12/13 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/12/11 09:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/12/11 09:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Temp
[2010/12/11 09:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Google
[2010/12/11 09:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Uniblue
[2010/12/11 09:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/12/11 09:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/07 18:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/12/07 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\2120678167
[2010/12/07 18:48:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\Application Data\Desktop
[2010/12/05 14:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\eCalc Calculator
[2006/11/23 13:06:02 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS.000\System32\DivXGraphBuilderCallback.dll
[33 C:\WINDOWS.000\Fonts\*.tmp files -> C:\WINDOWS.000\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\admin\*.tmp files -> C:\Documents and Settings\admin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 09:01:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl
[2010/12/21 09:01:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat
[2010/12/21 09:01:21 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 08:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\tasks\Uninstall Expiration Reminder.job
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Registration.job
[2010/12/20 18:18:35 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\OTL.lnk
[2010/12/20 18:17:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/12/19 15:21:38 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/19 15:21:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/19 14:55:45 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/19 14:53:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Update Version2.job
[2010/12/17 18:07:29 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SystemLook.lnk
[2010/12/17 13:54:06 | 000,331,488 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT
[2010/12/17 13:53:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS.000\imsins.BAK
[2010/12/17 12:14:53 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\tdsskiller.exe
[2010/12/17 12:09:49 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\CKScanner.exe
[2010/12/17 12:02:29 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\OTM.lnk
[2010/12/16 01:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
[2010/12/15 16:10:49 | 000,000,247 | RHS- | M] () -- C:\boot.ini
[2010/12/13 11:42:42 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2010/12/11 10:05:13 | 000,257,972 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20101211_100454.reg
[2010/12/11 09:56:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 14:28:04 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\SpyHunter.lnk
[2010/12/10 12:27:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 00:19:55 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/10 00:19:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT
[2010/12/09 07:57:46 | 000,001,185 | ---- | M] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/09 07:34:00 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\admin\.recently-used.xbel
[2010/12/07 18:49:09 | 000,203,776 | -HS- | M] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\tasks\Tune-up Application Start.job
[2010/12/01 10:35:53 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\ACDSee Photo Manager 2009.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\admin\*.tmp files -> C:\Documents and Settings\admin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/20 18:18:35 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\OTL.lnk
[2010/12/20 18:17:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (3).lnk
[2010/12/19 15:21:38 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/19 15:21:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/19 14:53:49 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2010/12/17 18:07:29 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SystemLook.lnk
[2010/12/17 12:09:45 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\CKScanner.exe
[2010/12/17 12:02:14 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\OTM.lnk
[2010/12/15 16:11:51 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/13 11:42:42 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2010/12/11 10:04:59 | 000,257,972 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20101211_100454.reg
[2010/12/11 09:56:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 14:28:04 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\SpyHunter.lnk
[2010/12/10 12:27:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/09 07:34:00 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\admin\.recently-used.xbel
[2010/12/08 18:47:54 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/07 18:50:17 | 000,001,185 | ---- | C] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/11/10 21:17:43 | 000,000,260 | ---- | C] () -- C:\WINDOWS.000\MSREGUSR.INI
[2010/07/24 02:43:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS.000\System32\igfxCoIn_v4926.dll
[2010/06/29 20:01:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS.000\System32\DLAAPI_W.DLL
[2010/05/27 08:49:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS.000\A4W.INI
[2010/05/27 08:47:38 | 000,001,212 | ---- | C] () -- C:\WINDOWS.000\pstudio.ini
[2010/05/27 08:47:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS.000\album.ini
[2010/05/27 08:47:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS.000\Ps_setup.ini
[2010/03/10 16:23:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS.000\System32\fxsperf.ini
[2010/02/11 10:18:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS.000\MFPD.INI
[2009/11/23 15:44:09 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\Smiley.ico
[2009/09/24 08:45:32 | 000,000,388 | ---- | C] () -- C:\WINDOWS.000\ODBC.INI
[2009/05/25 12:25:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 12:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\ATIMMC.INI
[2009/04/21 17:41:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS.000\QBChanUtil_Trigger.ini
[2009/04/03 09:14:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\PEZDOWNLOAD.INI
[2009/03/27 15:40:42 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\rx_audio.Cache
[2009/03/21 17:48:46 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
[2009/03/18 09:53:18 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/03/13 08:18:21 | 000,000,814 | ---- | C] () -- C:\WINDOWS.000\CDFACE32.INI
[2009/03/13 08:18:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS.000\System32\LFKODAK.DLL
[2009/03/13 08:18:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS.000\System32\LFFPX7.DLL
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Printers
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\admin\Application Data\Pop Flute
[2009/02/28 13:49:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/02/24 18:56:22 | 000,000,718 | ---- | C] () -- C:\WINDOWS.000\WINHELP.INI
[2009/02/24 07:43:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2009/02/19 18:48:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\rx_image.Cache
[2009/02/18 21:43:22 | 000,012,327 | ---- | C] () -- C:\WINDOWS.000\IOS.INI
[2009/02/18 21:43:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS.000\DELETEFI.INI
[2009/02/18 21:43:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS.000\HTMLHELP.INI
[2009/02/18 21:43:22 | 000,003,146 | ---- | C] () -- C:\WINDOWS.000\TELEPHON.INI
[2009/02/18 21:43:22 | 000,002,379 | ---- | C] () -- C:\WINDOWS.000\LEXSTAT.INI
[2009/02/18 21:43:22 | 000,001,119 | ---- | C] () -- C:\WINDOWS.000\dop.ini
[2009/02/18 21:43:22 | 000,000,865 | ---- | C] () -- C:\WINDOWS.000\DOSREP.INI
[2009/02/18 21:43:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS.000\SCANREG.INI
[2009/02/18 21:43:22 | 000,000,643 | ---- | C] () -- C:\WINDOWS.000\wininit.ini
[2009/02/18 21:43:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS.000\LEXHBP.INI
[2009/02/18 21:43:22 | 000,000,124 | ---- | C] () -- C:\WINDOWS.000\QTW.INI
[2009/02/18 21:43:22 | 000,000,074 | ---- | C] () -- C:\WINDOWS.000\voydll.ini
[2009/02/18 21:43:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS.000\EXCHNG32.INI
[2009/02/18 21:43:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS.000\MSOFFICE.INI
[2009/02/18 21:43:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS.000\vautorun.ini
[2009/02/18 21:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\progman.ini
[2009/02/18 21:43:21 | 000,007,885 | ---- | C] () -- C:\WINDOWS.000\NETDET.INI
[2009/02/18 21:43:21 | 000,000,122 | ---- | C] () -- C:\WINDOWS.000\PROTOCOL.INI
[2009/02/18 21:43:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS.000\POWERPNT.INI
[2009/02/18 21:43:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS.000\WAVEMIX.INI
[2009/02/18 21:34:52 | 000,004,337 | ---- | C] () -- C:\WINDOWS.000\ODBCINST.INI
[2009/02/18 21:19:28 | 001,822,720 | ---- | C] () -- C:\WINDOWS.000\System32\cmiwcnfg.dll
[2009/02/18 14:20:31 | 000,472,064 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFormat.dll
[2009/02/18 14:20:31 | 000,180,736 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceManager.dll
[2009/02/18 14:20:31 | 000,139,776 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSCopy.dll
[2009/02/18 14:20:31 | 000,093,184 | ---- | C] () -- C:\WINDOWS.000\System32\Partition.dll
[2009/02/18 14:20:31 | 000,086,528 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSLib.dll
[2009/02/18 14:20:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS.000\System32\ResizeNTFS.dll
[2009/02/18 14:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS.000\System32\Device.dll
[2009/02/18 14:20:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\FatCopy.dll
[2009/02/18 14:20:31 | 000,061,952 | ---- | C] () -- C:\WINDOWS.000\System32\FatResizeMove.dll
[2009/02/18 14:20:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemCheck.dll
[2009/02/18 14:20:31 | 000,031,744 | ---- | C] () -- C:\WINDOWS.000\System32\FatLib.dll
[2009/02/18 14:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS.000\System32\FATFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,024,576 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\FatFormat.dll
[2009/02/18 14:20:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS.000\System32\Fixup.dll
[2009/02/18 14:20:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS.000\System32\SectorCopy.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\EuEpmGdi.dll
[2009/02/18 14:20:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceAdapter.dll
[2009/02/18 14:20:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS.000\System32\epmntdrv.sys
[2009/02/18 14:20:31 | 000,006,656 | ---- | C] () -- C:\WINDOWS.000\System32\CallbackOperator.dll
[2009/02/18 14:20:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\EuGdiDrv.sys
[2009/02/18 13:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS.000\QUICKEN.INI
[2009/02/15 04:11:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS.000\System32\OEMINFO.INI
[2009/02/06 20:28:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\lxpnpapw.dll
[2009/02/06 06:54:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS.000\System32\MSVCRT10.DLL
[2009/02/05 23:39:53 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS.000\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelFrench.dll
[2006/12/20 12:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\System32\px.ini
[2006/11/26 23:01:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS.000\System32\CddbPlaylist2Roxio.dll
[2006/11/26 23:01:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS.000\System32\CddbFileTaggerRoxio.dll
[2006/10/17 06:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS.000\System32\besched.dll
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS.000\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS.000\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS.000\System32\qt-dx331.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS.000\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS.000\System32\lockres.dll
[2003/03/31 06:00:00 | 000,209,010 | ---- | C] () -- C:\WINDOWS.000\System32\_004610_.tmp.dll
[2003/03/31 06:00:00 | 000,021,116 | ---- | C] () -- C:\WINDOWS.000\System32\_004577_.tmp.dll
[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS.000\System32\MEMBG.DLL
[1999/04/23 22:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS.000\System32\ICMFILTER.DLL
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/05/25 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\ACD Systems
[2010/09/27 10:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Canon
[2010/01/23 10:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\CheckPoint
[2010/11/11 07:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2010/12/08 08:36:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Application Data\Desktop
[2010/06/10 10:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\eMusic
[2010/06/12 08:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FreeAudioPack
[2009/09/14 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\GrabPro
[2010/05/25 16:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\gtk-2.0
[2009/02/18 21:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\InterTrust
[2009/03/18 09:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Nikon
[2010/09/13 12:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\OCS
[2010/09/13 12:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Opera
[2009/09/14 11:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Orbit
[2010/12/19 15:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PriceGong
[2010/12/11 09:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Uniblue
[2010/06/09 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\92AF
[2009/06/29 10:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/15 08:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 11:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/21 17:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/02/18 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/03/24 11:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/22 15:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/09/19 14:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/07 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Registration.job
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Update Version2.job
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\Tasks\Tune-up Application Start.job
[2010/12/21 08:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\Tasks\Uninstall Expiration Reminder.job
[2010/01/29 11:26:55 | 000,000,106 | ---- | M] () -- C:\WINDOWS.000\Tasks\UPS System Shutdown Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Wondershare Media Converter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Emicsoft Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\admin\Desktop\My eMusic:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm
Advertisement
Register to Remove

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 21st, 2010, 12:42 pm

ottersea,
OK. Looks good.
As I mentioned, you have too many anti-spyware programs.
It's very important that you only have ONE that runs all the time.
The others can be used as scanners, on demand only, or they can be uninstalled.
Here is your present collection, along with my prejudiced opinions:
  • Malwarebytes Anti-Malware - probably the best at removals, good detections. The free one does not run all the time; the paid (lifetime,cheap) one does.
  • Super AntiSpyware - good removals, good detections. Can be run as a full time guard. If you use it that way, make sure none of the others start automatically. The built-in SAFEBOOT utility is very dangerous; don't ever use it.
  • SpyHunter - Has not been quite as good as the two above for detecting/removing spyware. It normally runs as a full time guard. If you choose another program for full time, Uninstall this one.
  • Spybot - Has fair detections and removals. Do not install Teatimer or you will find it putting back system changes you make.
In summary, I would Uninstall all but one or two, and have only ONE running full time. If you have two, use the second for on-demand scanning.

----------------------------------------------
Run OTL Again
This time, when it starts, click the Clean Up button and allow it to remove the tools we used.
----------------------------------------------
You can read about using a HOSTS file here : http://www.mvps.org/winhelp2002/hosts.htm

This one is a more aggressive HOSTS file than the Mvps, with over 100,000 blocked sites.
Download the hpHosts file installer from here: http://support.it-mate.co.uk/downloads/ ... -Win32.exe
Save it to your desktop.
  • For XP, double click the Installer to run it.
  • Click the button to Accept the agreement
  • Click Next
  • Click Install
  • When the screen labeled Completing the hp HOSTS Setup Wizard appears, be SURE to check the box labeled "Disable the DNS Client (Recommended)".
    (If you don't check that box, the next boot up may take a very long time, and the internet will be slow.)
  • Click Finish.
Now you can delete the installer from your desktop.
------------------------------------------------
Reset System Restore Points
  • Click Start, All Programs, Accessories, System Tools, System Restore
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Click Start, Run and type Cleanmgr
  • Select the Windows drive (usually C:), then click OK.
  • After it scans, Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

If you have good results, and no further questions, I will wish you good luck going forward.
Good job.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 21st, 2010, 1:18 pm

Thanks, everything seems to bee working good. The fix prior to this last one mover the superantispyware programs so it is no longer working. I have uninstalled both that and the spy hunter. I will purchase the malwarebytes so that i can have it running. Now to try and get the wife's laptop to work better.

Clay
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 21st, 2010, 1:57 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.

Edit: Re-opened at the request of the poster. One more issue to clean up. - askey
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 21st, 2010, 2:51 pm

ottersea,
Please first Reboot, and sign in as the User that is having a redirect problem.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
----------------------------------------------
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Now Ensure all Firefox windows are closed.
  • To run the tool, double-click it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 21st, 2010, 6:16 pm

Ran HijackThis under user account. It came up with the messsage:

for some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HijackThis may not be able to fix them.
Notepad C:\WNDOWS\0000\System32\drivers\hosts
and press Enter. Find the line(s) HijackThis reports and delete them
Save the file as hosts,'(with quotes) and reboot.

For Vista, exit HijackThis, right click on the HijackThis icon and run as administrator

OK

I pressed ok and the following file was made.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:08:06 PM, on 12/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.000\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS.000\system32\tbctray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O1 - Hosts: ::1 localhost # IPv6
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.000\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.000\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS.000\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.000\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS.000\system32\tbctray.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9979722917
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.000\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.000\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS.000\system32\pctspk.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8128 bytes

Also the internet seems to have slowed to a crawl. It was running fast but not it takes about 5 time longer to load a page. Thanks
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 21st, 2010, 6:31 pm

Ran GooredFix and got a error message.

GooredFix started and did the following:

Scanning for 'Goored' ... Done!
Scanning for Wareout ...
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution
Done!
Scanning for Malware ...

At this point I got the following error

GooredFix - Specialist Removal Tool has encounted a problem and needs to close. We are sorry for the
inconvience
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 21st, 2010, 7:33 pm

Using the same user account, run this one:
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 21st, 2010, 8:24 pm

OTL.txt log

OTL logfile created on: 12/21/2010 6:14:03 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Clay_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 71.96 Gb Free Space | 64.38% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: Clay_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/17 12:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/07/12 10:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/01/30 09:35:16 | 000,451,920 | ---- | M] (ACD Systems) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe
PRC - [2006/11/14 00:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2002/04/17 14:51:08 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS.000\SYSTEM32\tbctray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 12:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS.000\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.centurytel.net"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - user.js..browser.startup.homepage: "http://www.centurytel.net"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 02:00:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/12/19 08:49:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 12:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/21 12:26:27 | 000,000,000 | ---D | M]

[2009/07/11 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Extensions
[2009/07/05 13:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/11 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/21 18:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\extensions
[2010/04/30 15:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/16 13:43:17 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\searchplugins\bing.xml
[2010/09/17 08:18:36 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\searchplugins\googlecom-in-english.xml
[2010/12/21 12:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 12:26:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/19 08:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/03 13:35:08 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/03 13:35:08 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/12/19 08:49:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/12/03 13:35:08 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/05/24 07:36:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/05/24 07:36:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/12/03 11:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/12/03 11:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/12/03 11:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/12/03 11:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/12/03 11:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/12/03 11:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/12/03 11:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/12/18 14:15:38 | 003,916,125 | R--- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost #IPv4
O1 - Hosts: ::1 localhost # IPv6
O1 - Hosts: 127.0.0.1 0-29.com
O1 - Hosts: 127.0.0.1 0-pdf.com
O1 - Hosts: 127.0.0.1 0.gvt0.com
O1 - Hosts: 127.0.0.1 00.eatgoogle.345.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.bee.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.bij.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.orge.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.osa.pl
O1 - Hosts: 127.0.0.1 00.googleeat.345.pl
O1 - Hosts: 127.0.0.1 00.googleeat.bee.pl
O1 - Hosts: 127.0.0.1 00.googleeat.bij.pl
O1 - Hosts: 127.0.0.1 00.googleeat.orge.pl
O1 - Hosts: 127.0.0.1 00.googleeat.osa.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.345.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.bee.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.bij.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.osa.pl
O1 - Hosts: 127.0.0.1 000-101.org
O1 - Hosts: 127.0.0.1 000.bbexe.cn
O1 - Hosts: 127.0.0.1 0000.in
O1 - Hosts: 127.0.0.1 0000a-fast-proxy.de
O1 - Hosts: 127.0.0.1 000webhost.com
O1 - Hosts: 127.0.0.1 001.bbexe.cn
O1 - Hosts: 123077 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS.000\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS.000\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS.000\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.000\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.000\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS.000\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS.000\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS.000\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS.000\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS.000\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS.000\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS.000\SYSTEM32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9979722917 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.142.136.220 64.91.3.46
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS.000\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.000\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS.000\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS.000\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS.000\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS.000\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS.000\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS.000\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS.000\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.000\system32\userinit.exe) - C:\WINDOWS.000\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS.000\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS.000\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS.000\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS.000\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS.000\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS.000\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS.000\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS.000\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS.000\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS.000\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS.000\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS.000\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS.000\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.000\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS.000\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Clay_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Clay_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS.000\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS.000\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS.000\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS.000\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS.000\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS.000\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS.000\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS.000\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS.000\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS.000\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/15 04:16:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 18:07:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
[2010/12/21 16:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Desktop\GooredFix Backups
[2010/12/21 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Application Data\WinPatrol
[2010/12/21 12:06:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\IECompatCache
[2010/12/21 12:05:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\PrivacIE
[2010/12/21 11:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\3636C9237AD64DE3978A09609AEE8ECF.TMP
[2010/12/21 11:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/12/21 11:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/12/21 10:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\hpHosts
[2010/12/21 09:37:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\IETldCache
[2010/12/21 09:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\ie8updates
[2010/12/21 09:23:38 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\WBEM
[2010/12/21 09:22:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS.000\ie8
[2010/12/19 08:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/19 08:49:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaws.exe
[2010/12/19 08:49:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaw.exe
[2010/12/19 08:49:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\java.exe
[2010/12/19 08:49:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javacpl.cpl
[2010/12/19 08:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/19 08:32:15 | 016,561,952 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Clay_2\Desktop\jre-6u23-windows-i586.exe
[2010/12/17 11:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\Internet Logs
[2010/12/13 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/11 09:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/12/11 09:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/07 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\2120678167
[2010/12/06 18:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\My Documents\FrostWire
[2010/12/06 18:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Application Data\FrostWire
[2010/12/05 14:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\eCalc Calculator
[2010/11/29 10:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\My Documents\My Videos
[2006/11/23 13:06:02 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS.000\System32\DivXGraphBuilderCallback.dll
[33 C:\WINDOWS.000\Fonts\*.tmp files -> C:\WINDOWS.000\Fonts\*.tmp -> ]
[1 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]
[1 C:\Documents and Settings\Clay_2\*.tmp files -> C:\Documents and Settings\Clay_2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
[2010/12/21 16:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\tasks\Uninstall Expiration Reminder.job
[2010/12/21 16:32:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl
[2010/12/21 15:59:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat
[2010/12/21 15:59:14 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 12:26:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/21 11:00:43 | 000,001,393 | ---- | M] () -- C:\WINDOWS.000\imsins.BAK
[2010/12/21 10:50:02 | 000,331,488 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT
[2010/12/21 09:23:45 | 000,000,909 | ---- | M] () -- C:\WINDOWS.000\System32\spupdsvc.inf
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Registration.job
[2010/12/19 15:13:08 | 000,173,509 | ---- | M] () -- C:\Documents and Settings\Clay_2\Desktop\bookmarks-2010-12-19.json
[2010/12/19 14:55:45 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/19 08:49:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\deployJava1.dll
[2010/12/19 08:49:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaws.exe
[2010/12/19 08:49:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javaw.exe
[2010/12/19 08:49:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\java.exe
[2010/12/19 08:49:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.000\System32\javacpl.cpl
[2010/12/19 08:47:05 | 016,561,952 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Clay_2\Desktop\jre-6u23-windows-i586.exe
[2010/12/18 14:15:38 | 003,916,125 | R--- | M] () -- C:\WINDOWS.000\System32\drivers\etc\HOSTS
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Update Version2.job
[2010/12/16 01:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
[2010/12/15 16:10:49 | 000,000,247 | RHS- | M] () -- C:\boot.ini
[2010/12/11 12:36:07 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Clay_2\My Documents\Merry Christmas to all of our dear family and friends.doc
[2010/12/11 09:56:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 00:19:55 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/10 00:19:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT
[2010/12/09 07:57:46 | 000,001,185 | ---- | M] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | M] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\tasks\Tune-up Application Start.job
[2010/12/03 09:23:21 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Clay_2\My Documents\spider.sav
[2010/12/02 14:22:29 | 000,021,080 | ---- | M] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_audio.Cache
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys
[1 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]
[1 C:\Documents and Settings\Clay_2\*.tmp files -> C:\Documents and Settings\Clay_2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 12:26:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/21 09:23:46 | 000,000,909 | ---- | C] () -- C:\WINDOWS.000\System32\spupdsvc.inf
[2010/12/19 15:13:08 | 000,173,509 | ---- | C] () -- C:\Documents and Settings\Clay_2\Desktop\bookmarks-2010-12-19.json
[2010/12/15 16:11:51 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 12:36:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Clay_2\My Documents\Merry Christmas to all of our dear family and friends.doc
[2010/12/11 09:56:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/08 18:47:54 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/07 18:50:17 | 000,001,185 | ---- | C] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/11/10 21:17:43 | 000,000,260 | ---- | C] () -- C:\WINDOWS.000\MSREGUSR.INI
[2010/07/24 02:43:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS.000\System32\igfxCoIn_v4926.dll
[2010/06/29 20:01:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS.000\System32\DLAAPI_W.DLL
[2010/06/29 18:50:14 | 000,021,080 | ---- | C] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_audio.Cache
[2010/05/27 08:49:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS.000\A4W.INI
[2010/05/27 08:47:38 | 000,001,212 | ---- | C] () -- C:\WINDOWS.000\pstudio.ini
[2010/05/27 08:47:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS.000\album.ini
[2010/05/27 08:47:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS.000\Ps_setup.ini
[2010/03/10 16:23:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS.000\System32\fxsperf.ini
[2010/02/11 10:18:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS.000\MFPD.INI
[2009/09/24 08:45:32 | 000,000,388 | ---- | C] () -- C:\WINDOWS.000\ODBC.INI
[2009/08/04 10:39:35 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_image.Cache
[2009/04/24 12:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\ATIMMC.INI
[2009/04/21 17:41:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS.000\QBChanUtil_Trigger.ini
[2009/04/03 09:14:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\PEZDOWNLOAD.INI
[2009/03/18 09:53:18 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/03/13 08:18:21 | 000,000,814 | ---- | C] () -- C:\WINDOWS.000\CDFACE32.INI
[2009/03/13 08:18:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS.000\System32\LFKODAK.DLL
[2009/03/13 08:18:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS.000\System32\LFFPX7.DLL
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Printers
[2009/02/28 13:49:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/02/24 18:56:22 | 000,000,718 | ---- | C] () -- C:\WINDOWS.000\WINHELP.INI
[2009/02/24 07:43:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2009/02/18 21:43:22 | 000,012,327 | ---- | C] () -- C:\WINDOWS.000\IOS.INI
[2009/02/18 21:43:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS.000\DELETEFI.INI
[2009/02/18 21:43:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS.000\HTMLHELP.INI
[2009/02/18 21:43:22 | 000,003,146 | ---- | C] () -- C:\WINDOWS.000\TELEPHON.INI
[2009/02/18 21:43:22 | 000,002,379 | ---- | C] () -- C:\WINDOWS.000\LEXSTAT.INI
[2009/02/18 21:43:22 | 000,001,119 | ---- | C] () -- C:\WINDOWS.000\dop.ini
[2009/02/18 21:43:22 | 000,000,865 | ---- | C] () -- C:\WINDOWS.000\DOSREP.INI
[2009/02/18 21:43:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS.000\SCANREG.INI
[2009/02/18 21:43:22 | 000,000,643 | ---- | C] () -- C:\WINDOWS.000\wininit.ini
[2009/02/18 21:43:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS.000\LEXHBP.INI
[2009/02/18 21:43:22 | 000,000,124 | ---- | C] () -- C:\WINDOWS.000\QTW.INI
[2009/02/18 21:43:22 | 000,000,074 | ---- | C] () -- C:\WINDOWS.000\voydll.ini
[2009/02/18 21:43:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS.000\EXCHNG32.INI
[2009/02/18 21:43:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS.000\MSOFFICE.INI
[2009/02/18 21:43:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS.000\vautorun.ini
[2009/02/18 21:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\progman.ini
[2009/02/18 21:43:21 | 000,007,885 | ---- | C] () -- C:\WINDOWS.000\NETDET.INI
[2009/02/18 21:43:21 | 000,000,122 | ---- | C] () -- C:\WINDOWS.000\PROTOCOL.INI
[2009/02/18 21:43:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS.000\POWERPNT.INI
[2009/02/18 21:43:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS.000\WAVEMIX.INI
[2009/02/18 21:34:52 | 000,004,337 | ---- | C] () -- C:\WINDOWS.000\ODBCINST.INI
[2009/02/18 21:19:28 | 001,822,720 | ---- | C] () -- C:\WINDOWS.000\System32\cmiwcnfg.dll
[2009/02/18 14:20:31 | 000,472,064 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFormat.dll
[2009/02/18 14:20:31 | 000,180,736 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceManager.dll
[2009/02/18 14:20:31 | 000,139,776 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSCopy.dll
[2009/02/18 14:20:31 | 000,093,184 | ---- | C] () -- C:\WINDOWS.000\System32\Partition.dll
[2009/02/18 14:20:31 | 000,086,528 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSLib.dll
[2009/02/18 14:20:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS.000\System32\ResizeNTFS.dll
[2009/02/18 14:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS.000\System32\Device.dll
[2009/02/18 14:20:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\FatCopy.dll
[2009/02/18 14:20:31 | 000,061,952 | ---- | C] () -- C:\WINDOWS.000\System32\FatResizeMove.dll
[2009/02/18 14:20:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemCheck.dll
[2009/02/18 14:20:31 | 000,031,744 | ---- | C] () -- C:\WINDOWS.000\System32\FatLib.dll
[2009/02/18 14:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS.000\System32\FATFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,024,576 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\FatFormat.dll
[2009/02/18 14:20:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS.000\System32\Fixup.dll
[2009/02/18 14:20:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS.000\System32\SectorCopy.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\EuEpmGdi.dll
[2009/02/18 14:20:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceAdapter.dll
[2009/02/18 14:20:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS.000\System32\epmntdrv.sys
[2009/02/18 14:20:31 | 000,006,656 | ---- | C] () -- C:\WINDOWS.000\System32\CallbackOperator.dll
[2009/02/18 14:20:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\EuGdiDrv.sys
[2009/02/18 13:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS.000\QUICKEN.INI
[2009/02/15 04:11:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS.000\System32\OEMINFO.INI
[2009/02/06 20:28:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\lxpnpapw.dll
[2009/02/06 06:54:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS.000\System32\MSVCRT10.DLL
[2009/02/05 23:39:53 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS.000\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelFrench.dll
[2006/12/20 12:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\System32\px.ini
[2006/11/26 23:01:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS.000\System32\CddbPlaylist2Roxio.dll
[2006/11/26 23:01:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS.000\System32\CddbFileTaggerRoxio.dll
[2006/10/17 06:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS.000\System32\besched.dll
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS.000\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS.000\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS.000\System32\qt-dx331.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS.000\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS.000\System32\lockres.dll
[2003/03/31 06:00:00 | 000,209,010 | ---- | C] () -- C:\WINDOWS.000\System32\_004610_.tmp.dll
[2003/03/31 06:00:00 | 000,021,116 | ---- | C] () -- C:\WINDOWS.000\System32\_004577_.tmp.dll
[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS.000\System32\MEMBG.DLL
[1999/04/23 22:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS.000\System32\ICMFILTER.DLL
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/06/09 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\92AF
[2009/06/29 10:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/15 08:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 11:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/21 17:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/21 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009/02/18 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/03/24 11:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/22 15:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/09/19 14:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/07 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/05 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\ACD Systems
[2010/12/19 14:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Canon
[2010/01/23 11:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\CheckPoint
[2010/11/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2010/06/07 07:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\eMusic
[2010/12/08 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\FrostWire
[2010/03/16 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\gtk-2.0
[2010/06/28 17:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\imeshmediabartb
[2010/12/06 14:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\LimeWire
[2010/06/10 07:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\MusicNet
[2009/07/10 17:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Nikon
[2010/12/21 12:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\PriceGong
[2010/06/08 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\shareazamediabartb
[2010/10/11 17:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\SystemRequirementsLab
[2009/08/25 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\TD AMERITRADE
[2010/12/21 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\WinPatrol
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Registration.job
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Update Version2.job
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\Tasks\Tune-up Application Start.job
[2010/12/21 16:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\Tasks\Uninstall Expiration Reminder.job
[2010/01/29 11:26:55 | 000,000,106 | ---- | M] () -- C:\WINDOWS.000\Tasks\UPS System Shutdown Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\ForceField Shared Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\100_4203.JPG:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Extras.txt log

OTL Extras logfile created on: 12/21/2010 6:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Clay_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 71.96 Gb Free Space | 64.38% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: Clay_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{00180408-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D8D3D58-3E27-11D4-8FDD-00104B302D82}" = Turtle Beach Santa Cruz Applications
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = MyDVD-VR Recorder
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"ABC Amber CHM Viewer" = ABC Amber CHM Viewer
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"ATI Display Driver" = ATI Win2k Display Driver
"avast5" = avast! Free Antivirus
"BadCopy Pro" = BadCopy Pro
"Bible Database_is1" = Bible Database 5.1
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CCleaner" = CCleaner
"CDCheck" = CDCheck
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"CUZ4_is1" = CAM UnZip 4.42
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EASEUS Partition Manager Home Edition_is1" = EASEUS Partition Manager 3.0 Home Edition
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio Converter_is1" = Free Audio Converter version 1.5
"FreeChess" = 100% Free Chess 7.30
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hpHosts_is1" = hpHosts
"ie8" = Windows Internet Explorer 8
"InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}" = Sonic MyDVD-VR
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MightyFaxVersion3_is1" = MightyFax
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Free Mahjong_is1" = My Free Mahjong
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opanda IExif_is1" = Opanda IExif 2.3
"Password Safe" = Password Safe
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"RVer's Notebook" = RVer's Notebook
"SightSpeed" = SightSpeed (remove only)
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows" = Windows XP Uninstall
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A708D60C-467C-46AB-8D40-562C6CD82800}" = TD AMERITRADE StrategyDesk 3.3

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 22nd, 2010, 9:31 am

ottersea,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
    [2010/12/03 11:36:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
    [2010/12/03 11:36:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
    [2010/12/03 11:36:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
    [2010/12/03 11:36:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
    [2010/12/03 11:36:32 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
    [2010/12/03 11:36:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
    [2010/12/03 11:36:32 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
    FF - prefs.js..browser.search.useDBForOrder: true
    [2010/09/16 13:43:17 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\searchplugins\bing.xml
    [2010/09/17 08:18:36 | 000,005,471 | ---- | M] () -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\searchplugins\googlecom-in-english.xml
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Sign in to this account again and let me know how Firefox behaves
(It's possible we may need to erase the whole firefox directory and re-install it in this account.)

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 22nd, 2010, 10:43 am

Here is the OTL log. I noticed on the first fix that it came back failed to move. Don't know if I should have run this as damin of user but it was run as user.

OTL log

OTL logfile created on: 12/22/2010 8:35:09 AM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Clay_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 71.97 Gb Free Space | 64.39% Space Free | Partition Type: NTFS
Drive D: | 7.81 Mb Total Space | 3.81 Mb Free Space | 48.72% Space Free | Partition Type: NTFS
Drive E: | 7.81 Mb Total Space | 3.82 Mb Free Space | 48.92% Space Free | Partition Type: NTFS
Drive F: | 55.91 Gb Total Space | 37.59 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 437.60 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OTTERSEA | User Name: Clay_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 13:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/17 12:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/07/12 10:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/01/30 09:35:16 | 000,451,920 | ---- | M] (ACD Systems) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe
PRC - [2006/11/14 00:07:00 | 000,102,400 | ---- | M] () -- C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2002/04/17 14:51:08 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS.000\SYSTEM32\tbctray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 12:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "http://www.centurytel.net"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - user.js..browser.startup.homepage: "http://www.centurytel.net"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 12:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/21 12:26:27 | 000,000,000 | ---D | M]

[2009/07/11 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Extensions
[2009/07/11 14:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/21 18:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\extensions
[2010/04/30 15:40:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Clay_2\Application Data\Mozilla\Firefox\Profiles\5a673qin.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 12:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/19 08:49:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/19 08:49:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/18 14:15:38 | 003,916,125 | R--- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost #IPv4
O1 - Hosts: ::1 localhost # IPv6
O1 - Hosts: 127.0.0.1 0-29.com
O1 - Hosts: 127.0.0.1 0-pdf.com
O1 - Hosts: 127.0.0.1 0.gvt0.com
O1 - Hosts: 127.0.0.1 00.eatgoogle.345.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.bee.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.bij.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.orge.pl
O1 - Hosts: 127.0.0.1 00.eatgoogle.osa.pl
O1 - Hosts: 127.0.0.1 00.googleeat.345.pl
O1 - Hosts: 127.0.0.1 00.googleeat.bee.pl
O1 - Hosts: 127.0.0.1 00.googleeat.bij.pl
O1 - Hosts: 127.0.0.1 00.googleeat.orge.pl
O1 - Hosts: 127.0.0.1 00.googleeat.osa.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.345.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.bee.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.bij.pl
O1 - Hosts: 127.0.0.1 00.moregoogle.osa.pl
O1 - Hosts: 127.0.0.1 000-101.org
O1 - Hosts: 127.0.0.1 000.bbexe.cn
O1 - Hosts: 127.0.0.1 0000.in
O1 - Hosts: 127.0.0.1 0000a-fast-proxy.de
O1 - Hosts: 127.0.0.1 000webhost.com
O1 - Hosts: 127.0.0.1 001.bbexe.cn
O1 - Hosts: 123077 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS.000\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.000\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.000\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS.000\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9979722917 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.142.136.220 64.91.3.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS.000\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Clay_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Clay_2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/15 04:16:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 08:31:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/21 18:07:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
[2010/12/21 16:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Desktop\GooredFix Backups
[2010/12/21 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Application Data\WinPatrol
[2010/12/21 12:06:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\IECompatCache
[2010/12/21 12:05:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\PrivacIE
[2010/12/21 11:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\3636C9237AD64DE3978A09609AEE8ECF.TMP
[2010/12/21 11:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/12/21 11:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/12/21 10:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\hpHosts
[2010/12/21 09:37:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Clay_2\IETldCache
[2010/12/21 09:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\ie8updates
[2010/12/21 09:23:38 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\WBEM
[2010/12/21 09:22:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS.000\ie8
[2010/12/19 08:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/19 08:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/17 11:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\Internet Logs
[2010/12/13 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/11 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/12/11 09:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/11 09:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/12/11 09:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2010/12/10 14:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/12/10 12:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/07 18:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\2120678167
[2010/12/06 18:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\My Documents\FrostWire
[2010/12/06 18:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\Application Data\FrostWire
[2010/12/05 14:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\eCalc Calculator
[2010/11/29 10:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clay_2\My Documents\My Videos
[2006/11/23 13:06:02 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS.000\System32\DivXGraphBuilderCallback.dll
[33 C:\WINDOWS.000\Fonts\*.tmp files -> C:\WINDOWS.000\Fonts\*.tmp -> ]
[1 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]
[1 C:\Documents and Settings\Clay_2\*.tmp files -> C:\Documents and Settings\Clay_2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/22 08:32:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl
[2010/12/22 08:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat
[2010/12/22 08:32:35 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 21:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\tasks\Uninstall Expiration Reminder.job
[2010/12/21 18:07:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clay_2\Desktop\OTL.exe
[2010/12/21 12:26:32 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/21 11:00:43 | 000,001,393 | ---- | M] () -- C:\WINDOWS.000\imsins.BAK
[2010/12/21 10:50:02 | 000,331,488 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT
[2010/12/21 09:23:45 | 000,000,909 | ---- | M] () -- C:\WINDOWS.000\System32\spupdsvc.inf
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Registration.job
[2010/12/19 15:13:08 | 000,173,509 | ---- | M] () -- C:\Documents and Settings\Clay_2\Desktop\bookmarks-2010-12-19.json
[2010/12/19 14:55:45 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/18 14:15:38 | 003,916,125 | R--- | M] () -- C:\WINDOWS.000\System32\drivers\etc\HOSTS
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\tasks\ParetoLogic Update Version2.job
[2010/12/16 01:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
[2010/12/15 16:10:49 | 000,000,247 | RHS- | M] () -- C:\boot.ini
[2010/12/11 12:36:07 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Clay_2\My Documents\Merry Christmas to all of our dear family and friends.doc
[2010/12/11 09:56:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/10 00:19:55 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/10 00:19:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT
[2010/12/09 07:57:46 | 000,001,185 | ---- | M] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | M] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\tasks\Tune-up Application Start.job
[2010/12/03 09:23:21 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Clay_2\My Documents\spider.sav
[2010/12/02 14:22:29 | 000,021,080 | ---- | M] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_audio.Cache
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys
[1 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]
[1 C:\Documents and Settings\Clay_2\*.tmp files -> C:\Documents and Settings\Clay_2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 12:26:32 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/12/21 09:23:46 | 000,000,909 | ---- | C] () -- C:\WINDOWS.000\System32\spupdsvc.inf
[2010/12/19 15:13:08 | 000,173,509 | ---- | C] () -- C:\Documents and Settings\Clay_2\Desktop\bookmarks-2010-12-19.json
[2010/12/15 16:11:51 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/11 12:36:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Clay_2\My Documents\Merry Christmas to all of our dear family and friends.doc
[2010/12/11 09:56:25 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/08 18:47:54 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/07 18:50:17 | 000,001,185 | ---- | C] () -- C:\WINDOWS.000\System32\1009706764
[2010/12/07 18:49:09 | 000,203,776 | -HS- | C] () -- C:\WINDOWS.000\System32\unrar.exe
[2010/12/05 14:30:05 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eCalc Calculator.lnk
[2010/11/10 21:17:43 | 000,000,260 | ---- | C] () -- C:\WINDOWS.000\MSREGUSR.INI
[2010/07/24 02:43:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS.000\System32\igfxCoIn_v4926.dll
[2010/06/29 20:01:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS.000\System32\DLAAPI_W.DLL
[2010/06/29 18:50:14 | 000,021,080 | ---- | C] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_audio.Cache
[2010/05/27 08:49:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS.000\A4W.INI
[2010/05/27 08:47:38 | 000,001,212 | ---- | C] () -- C:\WINDOWS.000\pstudio.ini
[2010/05/27 08:47:38 | 000,000,028 | ---- | C] () -- C:\WINDOWS.000\album.ini
[2010/05/27 08:47:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS.000\Ps_setup.ini
[2010/03/10 16:23:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS.000\System32\fxsperf.ini
[2010/02/11 10:18:48 | 000,000,092 | ---- | C] () -- C:\WINDOWS.000\MFPD.INI
[2009/09/24 08:45:32 | 000,000,388 | ---- | C] () -- C:\WINDOWS.000\ODBC.INI
[2009/08/04 10:39:35 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Clay_2\Local Settings\Application Data\rx_image.Cache
[2009/04/24 12:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\ATIMMC.INI
[2009/04/21 17:41:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS.000\QBChanUtil_Trigger.ini
[2009/04/03 09:14:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\PEZDOWNLOAD.INI
[2009/03/18 09:53:18 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/03/13 08:18:21 | 000,000,814 | ---- | C] () -- C:\WINDOWS.000\CDFACE32.INI
[2009/03/13 08:18:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS.000\System32\LFKODAK.DLL
[2009/03/13 08:18:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS.000\System32\LFFPX7.DLL
[2009/02/28 13:49:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Printers
[2009/02/28 13:49:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/02/24 18:56:22 | 000,000,718 | ---- | C] () -- C:\WINDOWS.000\WINHELP.INI
[2009/02/24 07:43:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2009/02/18 21:43:22 | 000,012,327 | ---- | C] () -- C:\WINDOWS.000\IOS.INI
[2009/02/18 21:43:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS.000\DELETEFI.INI
[2009/02/18 21:43:22 | 000,003,598 | ---- | C] () -- C:\WINDOWS.000\HTMLHELP.INI
[2009/02/18 21:43:22 | 000,003,146 | ---- | C] () -- C:\WINDOWS.000\TELEPHON.INI
[2009/02/18 21:43:22 | 000,002,379 | ---- | C] () -- C:\WINDOWS.000\LEXSTAT.INI
[2009/02/18 21:43:22 | 000,001,119 | ---- | C] () -- C:\WINDOWS.000\dop.ini
[2009/02/18 21:43:22 | 000,000,865 | ---- | C] () -- C:\WINDOWS.000\DOSREP.INI
[2009/02/18 21:43:22 | 000,000,787 | ---- | C] () -- C:\WINDOWS.000\SCANREG.INI
[2009/02/18 21:43:22 | 000,000,643 | ---- | C] () -- C:\WINDOWS.000\wininit.ini
[2009/02/18 21:43:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS.000\LEXHBP.INI
[2009/02/18 21:43:22 | 000,000,124 | ---- | C] () -- C:\WINDOWS.000\QTW.INI
[2009/02/18 21:43:22 | 000,000,074 | ---- | C] () -- C:\WINDOWS.000\voydll.ini
[2009/02/18 21:43:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS.000\EXCHNG32.INI
[2009/02/18 21:43:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS.000\MSOFFICE.INI
[2009/02/18 21:43:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS.000\vautorun.ini
[2009/02/18 21:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\progman.ini
[2009/02/18 21:43:21 | 000,007,885 | ---- | C] () -- C:\WINDOWS.000\NETDET.INI
[2009/02/18 21:43:21 | 000,000,122 | ---- | C] () -- C:\WINDOWS.000\PROTOCOL.INI
[2009/02/18 21:43:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS.000\POWERPNT.INI
[2009/02/18 21:43:21 | 000,000,054 | ---- | C] () -- C:\WINDOWS.000\WAVEMIX.INI
[2009/02/18 21:34:52 | 000,004,337 | ---- | C] () -- C:\WINDOWS.000\ODBCINST.INI
[2009/02/18 21:19:28 | 001,822,720 | ---- | C] () -- C:\WINDOWS.000\System32\cmiwcnfg.dll
[2009/02/18 14:20:31 | 000,472,064 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFormat.dll
[2009/02/18 14:20:31 | 000,180,736 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceManager.dll
[2009/02/18 14:20:31 | 000,139,776 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSCopy.dll
[2009/02/18 14:20:31 | 000,093,184 | ---- | C] () -- C:\WINDOWS.000\System32\Partition.dll
[2009/02/18 14:20:31 | 000,086,528 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSLib.dll
[2009/02/18 14:20:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS.000\System32\ResizeNTFS.dll
[2009/02/18 14:20:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS.000\System32\Device.dll
[2009/02/18 14:20:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\FatCopy.dll
[2009/02/18 14:20:31 | 000,061,952 | ---- | C] () -- C:\WINDOWS.000\System32\FatResizeMove.dll
[2009/02/18 14:20:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemCheck.dll
[2009/02/18 14:20:31 | 000,031,744 | ---- | C] () -- C:\WINDOWS.000\System32\FatLib.dll
[2009/02/18 14:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS.000\System32\FATFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,024,576 | ---- | C] () -- C:\WINDOWS.000\System32\NTFSFileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\FatFormat.dll
[2009/02/18 14:20:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS.000\System32\Fixup.dll
[2009/02/18 14:20:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS.000\System32\SectorCopy.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\FileSystemAnalyser.dll
[2009/02/18 14:20:31 | 000,014,848 | ---- | C] () -- C:\WINDOWS.000\System32\EuEpmGdi.dll
[2009/02/18 14:20:31 | 000,010,752 | ---- | C] () -- C:\WINDOWS.000\System32\DeviceAdapter.dll
[2009/02/18 14:20:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS.000\System32\epmntdrv.sys
[2009/02/18 14:20:31 | 000,006,656 | ---- | C] () -- C:\WINDOWS.000\System32\CallbackOperator.dll
[2009/02/18 14:20:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\EuGdiDrv.sys
[2009/02/18 13:35:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS.000\QUICKEN.INI
[2009/02/15 04:11:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS.000\System32\OEMINFO.INI
[2009/02/06 20:28:37 | 000,022,016 | ---- | C] () -- C:\WINDOWS.000\System32\lxpnpapw.dll
[2009/02/06 06:54:41 | 000,210,944 | ---- | C] () -- C:\WINDOWS.000\System32\MSVCRT10.DLL
[2009/02/05 23:39:53 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS.000\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS.000\System32\AgCPanelFrench.dll
[2006/12/20 12:26:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS.000\System32\px.ini
[2006/11/26 23:01:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS.000\System32\CddbPlaylist2Roxio.dll
[2006/11/26 23:01:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS.000\System32\CddbFileTaggerRoxio.dll
[2006/10/17 06:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS.000\System32\besched.dll
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS.000\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS.000\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS.000\System32\qt-dx331.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS.000\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS.000\System32\lockres.dll
[2003/03/31 06:00:00 | 000,209,010 | ---- | C] () -- C:\WINDOWS.000\System32\_004610_.tmp.dll
[2003/03/31 06:00:00 | 000,021,116 | ---- | C] () -- C:\WINDOWS.000\System32\_004577_.tmp.dll
[1999/04/23 22:22:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS.000\System32\MEMBG.DLL
[1999/04/23 22:22:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS.000\System32\ICMFILTER.DLL
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS.000\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/06/09 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\92AF
[2009/06/29 10:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/15 08:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/24 11:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/21 17:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/21 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009/02/18 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/02/28 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/03/24 11:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/04/22 15:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/09/19 14:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 09:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/07 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/05 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\ACD Systems
[2010/12/19 14:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Canon
[2010/01/23 11:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\CheckPoint
[2010/11/11 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2010/06/07 07:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\eMusic
[2010/12/08 07:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\FrostWire
[2010/03/16 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\gtk-2.0
[2010/06/28 17:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\imeshmediabartb
[2010/12/06 14:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\LimeWire
[2010/06/10 07:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\MusicNet
[2009/07/10 17:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\Nikon
[2010/12/21 12:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\PriceGong
[2010/06/08 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\shareazamediabartb
[2010/10/11 17:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\SystemRequirementsLab
[2009/08/25 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\TD AMERITRADE
[2010/12/21 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clay_2\Application Data\WinPatrol
[2010/12/21 02:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Registration.job
[2010/12/18 02:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS.000\Tasks\ParetoLogic Update Version2.job
[2010/12/04 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS.000\Tasks\Tune-up Application Start.job
[2010/12/21 21:59:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS.000\Tasks\Uninstall Expiration Reminder.job
[2010/01/29 11:26:55 | 000,000,106 | ---- | M] () -- C:\WINDOWS.000\Tasks\UPS System Shutdown Program.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\Quicken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\ForceField Shared Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\DVDVideoSoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Clay_2\My Documents\100_4203.JPG:Roxio EMC Stream
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby ottersea » December 22nd, 2010, 11:00 am

Okay, ran firefox and it seems to be running good. I notice that google is no longer a search option. I went to the google site and tried a search there and everything seems to work. It sent me to the right place the ones I tried. So seems to be good now. Should I add google to the search options list or just leave it as a bookmark site? Thanks for everything.
ottersea
Regular Member
 
Posts: 41
Joined: December 13th, 2010, 1:47 pm

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 22nd, 2010, 12:48 pm

ottersea,
You can erase OTl from your desktop.
You can add Google to the Firefox search oprions if you wish.
I would suggest you do not add a lot of search engines, and stay away from ask.com altogether.
Good Luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: bug that allows google search to take me to a different

Unread postby askey127 » December 23rd, 2010, 4:57 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware