Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirect Problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirect Problem

Unread postby Diane » December 15th, 2010, 1:28 am

Hi, I've been having google redirecting issues for a few weeks. HELP please!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:31 AM, on 12/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1130009242\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [jnm7lrac] C:\WINDOWS\system32\jnm7lrac.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130009242\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} (Microsoft HTML Document 6.0) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related ... oader5.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.85/cabs/zinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1cabdfc14d1e06c) (gupdate1cabdfc14d1e06c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8981 bytes
Diane
Active Member
 
Posts: 4
Joined: December 15th, 2010, 1:21 am
Advertisement
Register to Remove

Re: Redirect Problem

Unread postby deltalima » December 16th, 2010, 5:48 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirect Problem

Unread postby deltalima » December 16th, 2010, 5:58 pm

Hi Diane,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirect Problem

Unread postby Diane » December 16th, 2010, 8:59 pm

Hi, Thanks for helping.

Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe PhotoDeluxe 2.0
Adobe Photoshop Tryout
Adobe Shockwave Player 11.5
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Pictures Tools (version 10.4.0.3)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
Bonjour
Broderbund Media Manager
Browser Defender 2.0.6.15
CA Pest Patrol Realtime Protection
Collapse! Deluxe
Cosmi's Photo Editor
Critical Update for Windows Media Player 11 (KB959772)
Cubis Deluxe
Download Updater (AOL LLC)
Easy Internet Sign-up
Family Tree Maker 6.0
Google Earth Plug-in
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 3600
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Organize
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP PSC & OfficeJet 3.0
HPIZ311
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 17
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 22
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Lizardtech DjVu Control
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Musicmatch® Jukebox
Optimizer Tool 5.2
PC-Doctor for Windows
Peanuts - Where's the Blanket Charlie Brown?
Picasa 3
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
QuickTime
RealPlayer
RealUpgrade 1.0
RecordNow!
Rhapsody Player Engine
Rugrats in Paris
Safari
Safety and Security Center Uninstaller
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Select CashBack
Serif DrawPlus 3.0
Shockwave
Sonic Update Manager
SpamSubtract
Spyware Doctor 7.0
SUPERAntiSpyware
TextTwist Deluxe
The Print Shop
The Simpsons Hit & Run(TM)
toolkit
TWC Customer Controls
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Viewpoint Media Player
VR-1 Game Launcher
Who Wants To Be A Millionaire
WildTangent Web Driver
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

________________________________________________________________________________

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
SUPERAntiSpyware
Java(TM) 6 Update 22
Java 2 Runtime Environment, SE v1.4.2
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
Diane
Active Member
 
Posts: 4
Joined: December 15th, 2010, 1:21 am

Re: Redirect Problem

Unread postby deltalima » December 17th, 2010, 6:42 am

Hi Diane,

No anti-virus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Now please run a full scan and post the log in your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirect Problem

Unread postby Diane » December 18th, 2010, 5:07 pm

Here is one scan. I'll post the other in a few minutes. I do have superantivirus and that scan didn't show anything. I also have spywaredoctor but keep it turned off most of the time because it makes my computer run really slow. I didn't get spyware doctor until after the redirecting problems started.


OTL logfile created on: 12/18/2010 3:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 45.07 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.12% Space Free | Partition Type: FAT32

Computer Name: DIANE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\PPRT\bin\CAServer.dll (CA, Inc.)
MOD - C:\Program Files\CA\PPRT\bin\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\PPRT\bin\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS File not found
DRV - (Sunkfiltp) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys File not found
DRV - (aec) -- C:\WINDOWS\System32\drivers\aec.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (asbp2poa) -- C:\Documents and Settings\Owner\Local Settings\Temp\asbp2poa.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys ()
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aol-chromesbox-en-us&tb_uuid=20100825191559640&tb_oid=25-08-2010&tb_mrud=25-08-2010"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {3944C27C-E4CE-4C30-A678-DAEDC13A1765}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6034
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: trackerblock@privacychoice.org:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/07 08:49:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3944C27C-E4CE-4C30-A678-DAEDC13A1765}: C:\Documents and Settings\Owner\Local Settings\Application Data\{3944C27C-E4CE-4C30-A678-DAEDC13A1765} [2010/07/23 02:05:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 16:06:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 16:06:16 | 000,000,000 | ---D | M]

[2009/01/28 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/17 21:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions
[2010/08/25 14:17:26 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/12/09 22:16:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/24 22:30:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/19 22:19:37 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/01/10 23:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\support@ancestry.com
[2010/11/17 15:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\trackerblock@privacychoice.org
[2010/08/25 14:18:01 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\aol-search.xml
[2009/01/29 17:02:59 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\ask.xml
[2010/08/03 16:33:12 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\askcom.xml
[2010/12/17 21:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 18:35:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2010/05/14 09:21:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 07:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 11:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/05 17:20:56 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2005/12/17 12:20:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE File not found
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [jnm7lrac] C:\WINDOWS\System32\jnm7lrac.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [Acme.PCHButton] C:\Program Files\HP Instant Support\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [RecordNow!] File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\AutoTBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Microsoft HTML Document 6.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related ... oader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} http://66.119.139.85/cabs/zinst.cab (Genealogy Browser)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgsync - (C:\WINDOWS\system32\pentinst.dll) - C:\WINDOWS\system32\pentinst.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 18:28:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 16:19:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/01 22:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/22 21:32:32 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/11/22 21:32:32 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/11/22 21:32:31 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/11/22 19:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/11/22 18:42:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/11/22 18:42:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/11/22 18:42:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/11/22 18:38:53 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/11/22 18:38:23 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/22 18:38:23 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/22 18:37:57 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/18 15:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 12:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\OptimizerTool_home.job
[2010/12/18 11:29:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1055983683-181439161-4286377498-1003.job
[2010/12/18 11:29:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1055983683-181439161-4286377498-1003.job
[2010/12/18 11:14:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 22:02:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/17 22:01:51 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/12/17 22:01:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\fcrqj.job
[2010/12/17 22:01:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 22:01:13 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 16:20:34 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 16:05:25 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/17 15:52:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/14 20:22:53 | 000,317,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 20:05:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 02:30:46 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/13 02:30:46 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/12/12 01:29:31 | 000,000,924 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2010/12/12 01:22:21 | 000,005,867 | ---- | M] () -- C:\My Photos.GAL
[2010/12/12 01:22:21 | 000,002,453 | ---- | M] () -- C:\EZPHOTO.GAL
[2010/12/08 01:28:27 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume NOV. 2010.wps
[2010/12/06 15:20:09 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN3AS3F5B46B.job
[2010/12/04 21:20:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2010/12/01 22:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/26 20:05:45 | 000,070,473 | ---- | M] () -- C:\VETlog.dmp
[2010/11/26 16:15:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/26 16:15:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/24 22:45:53 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Optimizer Tool.lnk
[2010/11/22 18:38:06 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/21 23:18:43 | 052,510,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nevins tree2.FBK
[2010/11/21 23:18:43 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/11/21 23:18:37 | 052,510,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nevins tree2.FTW
[2010/11/21 16:33:01 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/21 01:22:47 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/17 16:20:34 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 16:05:25 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/13 02:30:46 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/13 02:30:46 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/28 08:59:39 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\Owner\cfscript.txt
[2010/11/24 22:45:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Optimizer Tool.lnk
[2010/11/22 18:42:40 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/11/22 18:42:40 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/11/22 18:42:40 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/11/22 18:42:39 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/11/22 18:42:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/11/22 18:38:53 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/11/22 18:38:23 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/11/22 18:38:23 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/11/22 18:38:06 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/22 18:37:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/11/15 19:02:33 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\ialmdd5R.dll
[2010/11/05 17:21:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/08/11 16:22:13 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/22 20:40:26 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\pentinst.dll
[2010/07/22 20:40:09 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\omubwk.dat
[2010/07/22 20:39:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\avdrn.dat
[2009/09/06 16:27:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/12 20:12:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\brodSel32.dll
[2008/07/09 17:25:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/03/22 22:09:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2008/01/27 18:10:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2007/12/02 01:31:19 | 000,000,063 | ---- | C] () -- C:\WINDOWS\MADCCP.INI
[2007/12/02 01:20:26 | 000,000,076 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2007/12/02 01:18:04 | 000,000,108 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/07/27 18:44:51 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/15 21:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2006/06/06 06:22:03 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ImportClient.ini
[2006/02/14 00:34:33 | 000,000,134 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/02/06 12:57:27 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PopUpNoNo.opt
[2005/12/22 02:47:59 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Peanuts Baseball Game.ini
[2005/12/22 02:47:59 | 000,000,079 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2005/09/26 17:41:45 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/08/07 11:31:00 | 000,000,431 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/08/06 22:48:19 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VSV.INI
[2005/05/31 16:13:19 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ps.INI
[2005/03/28 18:07:05 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/03/28 17:20:52 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2005/03/17 21:17:57 | 000,003,243 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/15 21:19:51 | 000,000,924 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/12/05 22:14:26 | 000,000,105 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/05 22:14:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/04 23:13:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/09/17 22:43:19 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/15 18:29:32 | 000,000,167 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2004/09/15 17:55:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2004/09/15 17:55:41 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/09/15 17:55:40 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/08/08 23:47:44 | 000,000,452 | ---- | C] () -- C:\WINDOWS\PhEdit.ini
[2004/07/14 10:37:53 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/06 20:36:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/04/07 18:21:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2004/04/05 20:35:36 | 000,000,329 | ---- | C] () -- C:\WINDOWS\PhEdit32.ini
[2004/03/29 19:00:02 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2004/03/28 15:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\encarta.ini
[2004/03/28 14:21:00 | 000,000,124 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/03/21 21:04:34 | 000,000,351 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2004/03/21 20:30:33 | 000,000,215 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/03/16 21:00:01 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2004/03/16 16:39:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/03/13 19:53:11 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2004/03/12 22:27:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/05 18:48:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/01 20:37:39 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WWWBATCH.INI
[2004/03/01 20:12:50 | 000,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/02/29 18:58:05 | 000,001,891 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/02/29 17:56:32 | 000,000,480 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/02/27 21:45:44 | 000,001,561 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 00:24:52 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 00:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 00:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 00:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 22:39:27 | 000,007,379 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 14:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL logfile created on: 12/18/2010 3:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 45.07 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.12% Space Free | Partition Type: FAT32

Computer Name: DIANE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\PPRT\bin\CAServer.dll (CA, Inc.)
MOD - C:\Program Files\CA\PPRT\bin\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\CA\PPRT\bin\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (ITMRTSVC) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS File not found
DRV - (Sunkfiltp) -- C:\WINDOWS\System32\Drivers\sunkfiltp.sys File not found
DRV - (aec) -- C:\WINDOWS\System32\drivers\aec.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (asbp2poa) -- C:\Documents and Settings\Owner\Local Settings\Temp\asbp2poa.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys ()
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aol-chromesbox-en-us&tb_uuid=20100825191559640&tb_oid=25-08-2010&tb_mrud=25-08-2010"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {3944C27C-E4CE-4C30-A678-DAEDC13A1765}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6034
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: trackerblock@privacychoice.org:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/07 08:49:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3944C27C-E4CE-4C30-A678-DAEDC13A1765}: C:\Documents and Settings\Owner\Local Settings\Application Data\{3944C27C-E4CE-4C30-A678-DAEDC13A1765} [2010/07/23 02:05:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 16:06:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 16:06:16 | 000,000,000 | ---D | M]

[2009/01/28 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/17 21:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions
[2010/08/25 14:17:26 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/12/09 22:16:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/24 22:30:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/19 22:19:37 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2010/01/10 23:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\support@ancestry.com
[2010/11/17 15:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\extensions\trackerblock@privacychoice.org
[2010/08/25 14:18:01 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\aol-search.xml
[2009/01/29 17:02:59 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\ask.xml
[2010/08/03 16:33:12 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tbqjzl6l.default\searchplugins\askcom.xml
[2010/12/17 21:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/13 18:35:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2010/05/14 09:21:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 07:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 11:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/05 17:20:56 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2005/12/17 12:20:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE File not found
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [jnm7lrac] C:\WINDOWS\System32\jnm7lrac.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [Acme.PCHButton] C:\Program Files\HP Instant Support\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [RecordNow!] File not found
O4 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe ()
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\AutoTBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1055983683-181439161-4286377498-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Microsoft HTML Document 6.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related ... oader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} http://66.119.139.85/cabs/zinst.cab (Genealogy Browser)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgsync - (C:\WINDOWS\system32\pentinst.dll) - C:\WINDOWS\system32\pentinst.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 18:28:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 16:19:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/01 22:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/22 21:32:32 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/11/22 21:32:32 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/11/22 21:32:31 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/11/22 19:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/11/22 18:42:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/11/22 18:42:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/11/22 18:42:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/11/22 18:38:53 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/11/22 18:38:23 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/11/22 18:38:23 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/11/22 18:37:57 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/11/22 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/18 15:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/18 12:00:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\OptimizerTool_home.job
[2010/12/18 11:29:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1055983683-181439161-4286377498-1003.job
[2010/12/18 11:29:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1055983683-181439161-4286377498-1003.job
[2010/12/18 11:14:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 22:02:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/17 22:01:51 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/12/17 22:01:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\fcrqj.job
[2010/12/17 22:01:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 22:01:13 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 16:20:34 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 16:05:25 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/17 15:52:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/14 20:22:53 | 000,317,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/14 20:05:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/13 02:30:46 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/13 02:30:46 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/12/12 01:29:31 | 000,000,924 | ---- | M] () -- C:\WINDOWS\EZPHOTO.INI
[2010/12/12 01:22:21 | 000,005,867 | ---- | M] () -- C:\My Photos.GAL
[2010/12/12 01:22:21 | 000,002,453 | ---- | M] () -- C:\EZPHOTO.GAL
[2010/12/08 01:28:27 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume NOV. 2010.wps
[2010/12/06 15:20:09 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet3600#CN3AS3F5B46B.job
[2010/12/04 21:20:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2010/12/01 22:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/26 20:05:45 | 000,070,473 | ---- | M] () -- C:\VETlog.dmp
[2010/11/26 16:15:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/26 16:15:43 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/24 22:45:53 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Optimizer Tool.lnk
[2010/11/22 18:38:06 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/21 23:18:43 | 052,510,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nevins tree2.FBK
[2010/11/21 23:18:43 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/11/21 23:18:37 | 052,510,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\nevins tree2.FTW
[2010/11/21 16:33:01 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/21 01:22:47 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/17 16:20:34 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/17 16:05:25 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/13 02:30:46 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/12/13 02:30:46 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/11/28 08:59:39 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\Owner\cfscript.txt
[2010/11/24 22:45:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Optimizer Tool.lnk
[2010/11/22 18:42:40 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/11/22 18:42:40 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/11/22 18:42:40 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/11/22 18:42:39 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/11/22 18:42:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/11/22 18:38:53 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/11/22 18:38:23 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/11/22 18:38:23 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/11/22 18:38:06 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/22 18:37:57 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/11/15 19:02:33 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\ialmdd5R.dll
[2010/11/05 17:21:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/08/11 16:22:13 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/22 20:40:26 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\pentinst.dll
[2010/07/22 20:40:09 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\omubwk.dat
[2010/07/22 20:39:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\avdrn.dat
[2009/09/06 16:27:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/12 20:12:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\brodSel32.dll
[2008/07/09 17:25:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/03/22 22:09:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cglp.ini
[2008/01/27 18:10:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2007/12/02 01:31:19 | 000,000,063 | ---- | C] () -- C:\WINDOWS\MADCCP.INI
[2007/12/02 01:20:26 | 000,000,076 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2007/12/02 01:18:04 | 000,000,108 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/07/27 18:44:51 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/15 21:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2006/06/06 06:22:03 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ImportClient.ini
[2006/02/14 00:34:33 | 000,000,134 | ---- | C] () -- C:\WINDOWS\Z.ini
[2006/02/06 12:57:27 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PopUpNoNo.opt
[2005/12/22 02:47:59 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Peanuts Baseball Game.ini
[2005/12/22 02:47:59 | 000,000,079 | ---- | C] () -- C:\WINDOWS\FSaver.ini
[2005/09/26 17:41:45 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/08/07 11:31:00 | 000,000,431 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/08/06 22:48:19 | 000,000,096 | ---- | C] () -- C:\WINDOWS\VSV.INI
[2005/05/31 16:13:19 | 000,000,106 | ---- | C] () -- C:\WINDOWS\ps.INI
[2005/03/28 18:07:05 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2005/03/28 17:20:52 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2005/03/17 21:17:57 | 000,003,243 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/15 21:19:51 | 000,000,924 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/12/05 22:14:26 | 000,000,105 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/12/05 22:14:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/04 23:13:19 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/09/17 22:43:19 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/15 18:29:32 | 000,000,167 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2004/09/15 17:55:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2004/09/15 17:55:41 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/09/15 17:55:40 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/08/08 23:47:44 | 000,000,452 | ---- | C] () -- C:\WINDOWS\PhEdit.ini
[2004/07/14 10:37:53 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/06 20:36:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/04/07 18:21:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2004/04/05 20:35:36 | 000,000,329 | ---- | C] () -- C:\WINDOWS\PhEdit32.ini
[2004/03/29 19:00:02 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2004/03/28 15:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\encarta.ini
[2004/03/28 14:21:00 | 000,000,124 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/03/21 21:04:34 | 000,000,351 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2004/03/21 20:30:33 | 000,000,215 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/03/16 21:00:01 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2004/03/16 16:39:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/03/13 19:53:11 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2004/03/12 22:27:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/03/05 18:48:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/01 20:37:39 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WWWBATCH.INI
[2004/03/01 20:12:50 | 000,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/02/29 18:58:05 | 000,001,891 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/02/29 17:56:32 | 000,000,480 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/02/27 21:45:44 | 000,001,561 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 00:24:52 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 00:33:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 00:33:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 00:33:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 22:39:27 | 000,007,379 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 14:26:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
Diane
Active Member
 
Posts: 4
Joined: December 15th, 2010, 1:21 am

Re: Redirect Problem

Unread postby deltalima » December 18th, 2010, 5:31 pm

Hi Diane,

You posted OTL.txt twice, please post Extras.txt then the log from GMER.

I do have superantivirus


I see SUPERAntiSpyware installed, does that include real time antivirus protection? If not you will still need to install an antivirus program.

[2010/11/28 08:59:39 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\Owner\cfscript.txt


Have you run Combofix? if so did you receive help in another forum?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirect Problem

Unread postby Diane » December 18th, 2010, 10:44 pm

Oops. Sorry. I tried to do the GMER scan but it took a long time and then somehow I made it crash. Can I send it tomorrow?



OTL Extras logfile created on: 12/18/2010 3:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 45.07 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.12% Space Free | Partition Type: FAT32

Computer Name: DIANE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\1.2\AOLExplorer.exe (America Online, Inc.)

[HKEY_USERS\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0c\waol.exe" = C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Disabled:WinMX Application -- File not found
"C:\Program Files\America Online 9.0e\waol.exe" = C:\Program Files\America Online 9.0e\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0c\waol.exe" = C:\Program Files\America Online 9.0c\waol.exe:*:Disabled:America Online 9.0c -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1130009242\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1130009242\ee\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1130009242\ee\aolsoftware.exe:*:Disabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Documents and Settings\Owner\My Documents\Downloads\pdf_converter.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\pdf_converter.exe:*:Disabled:PDF Creator -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{136FD2EA-C01B-4351-90CA-1C7E49291CF0}" = Rugrats in Paris
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26346FB6-4F69-453D-95CE-B6BA3A5382F8}" = Broderbund Media Manager
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BA3AD0C7-C444-4512-B71D-591A1A9320FC}_is1" = Optimizer Tool 5.2
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe 2.0" = Adobe PhotoDeluxe 2.0
"Adobe Photoshop Tryout" = Adobe Photoshop Tryout
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Pictures" = AOL Pictures Tools (version 10.4.0.3)
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"BackWeb-137903 Uninstaller" = Updates from HP
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Collapse! Deluxe " = Collapse! Deluxe
"Cosmi's Photo Editor" = Cosmi's Photo Editor
"Cubis Deluxe" = Cubis Deluxe
"Family Tree Maker" = Family Tree Maker 6.0
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InterActual Player" = InterActual Player
"k55uibjk" = Select CashBack
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"Peanuts - Where's the Blanket Charlie Brown?" = Peanuts - Where's the Blanket Charlie Brown?
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpamSubtract" = SpamSubtract
"Spyware Doctor" = Spyware Doctor 7.0
"SSC Uninstaller" = Safety and Security Center Uninstaller
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TextTwist Deluxe" = TextTwist Deluxe
"ViewpointMediaPlayer" = Viewpoint Media Player
"VR-1 Game Launcher" = VR-1 Game Launcher
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Who Wants To Be A Millionaire" = Who Wants To Be A Millionaire
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1055983683-181439161-4286377498-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2010 2:07:38 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5437

Error - 12/18/2010 2:07:40 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/18/2010 2:07:40 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7437

Error - 12/18/2010 2:07:40 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7437

Error - 12/18/2010 2:07:42 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/18/2010 2:07:42 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9406

Error - 12/18/2010 2:07:42 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9406

Error - 12/18/2010 2:07:44 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/18/2010 2:07:44 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11390

Error - 12/18/2010 2:07:44 AM | Computer Name = DIANE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11390

[ System Events ]
Error - 12/17/2010 2:06:06 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/17/2010 2:06:06 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 12/17/2010 2:06:06 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 12/17/2010 2:06:35 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ITMRTSVC service.

Error - 12/17/2010 2:08:15 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 12/17/2010 10:59:34 PM | Computer Name = DIANE | Source = DCOM | ID = 10010
Description = The server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} did not register
with DCOM within the required timeout.

Error - 12/17/2010 11:02:14 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/17/2010 11:02:14 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 12/17/2010 11:02:14 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 12/17/2010 11:02:17 PM | Computer Name = DIANE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ITMRTSVC service.


< End of report >
Diane
Active Member
 
Posts: 4
Joined: December 15th, 2010, 1:21 am

Re: Redirect Problem

Unread postby deltalima » December 19th, 2010, 6:47 am

Hi Diane,

Oops. Sorry. I tried to do the GMER scan but it took a long time and then somehow I made it crash. Can I send it tomorrow?


Yes that will be fine.

You still need to install Antivirus software

If you still have problems running GMER then please run this alternative scan.


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Also please let me know if you have previously run Combofix.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirect Problem

Unread postby Gary R » December 22nd, 2010, 8:36 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware