Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 5th, 2011, 4:41 am

Hoping someone can help me. I've tried everything and keep getting redirected on internet searches.
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2011 3:02:14 PM
System Uptime: 3/5/2011 9:07:00 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M3918
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 55 GiB total, 36.784 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 1.015 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: SoundMAX Integrated Digital Audio
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Manufacturer: Analog Devices, Inc.
Name: SoundMAX Integrated Digital Audio
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01811028&REV_03\3&172E68DD&0&F2
Service: smwdm
.
==== System Restore Points ===================
.
RP19: 3/3/2011 9:00:03 AM - Windows Modules Installer
RP20: 3/4/2011 8:05:21 AM - Windows Update
RP21: 3/5/2011 9:04:07 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Creative MediaSource 5
Creative Software AutoUpdate
DAEMON Tools Lite
DAEMON Tools Toolbar
Free M4a to MP3 Converter 6.2
Google Talk Plugin
Intel(R) Graphics Media Accelerator Driver
iTunes
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.14)
QuickTime
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by waynehobbs at 9:31:10.01 on Sat 03/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1014.388 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cryptbase32.exe
C:\ProgramData\catsrv32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\NlsData0002wow.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\FXSEXT32wow.exe
C:\Windows\WWanHCwow.exe
C:\Windows\userenvwow.exe
C:\Windows\mscanduiwow.exe
C:\Windows\RpcDiagwow.exe
C:\Windows\Vaultwow.exe
C:\Windows\NlsData0002wow.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\WWanHCwow.exe
C:\Windows\FXSEXT32wow.exe
C:\Windows\userenvwow.exe
C:\Windows\mscanduiwow.exe
C:\Windows\Vaultwow.exe
C:\Windows\RpcDiagwow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\waynehobbs\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\waynehobbs\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
BHO: {95e7d21c-8607-4f1f-8579-47541bc72259} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [WWanHCwow.exe] c:\windows\WWanHCwow.exe
uRun: [FXSEXT32wow.exe] c:\windows\FXSEXT32wow.exe
uRun: [userenvwow.exe] c:\windows\userenvwow.exe
uRun: [Google Update] "c:\users\waynehobbs\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [mscanduiwow.exe] c:\windows\mscanduiwow.exe
uRun: [Vaultwow.exe] c:\windows\Vaultwow.exe
uRun: [RpcDiagwow.exe] c:\windows\RpcDiagwow.exe
uRun: [NlsData0002wow.exe] c:\windows\NlsData0002wow.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDBPL] c:\users\waynehobbs\appdata\roaming\syswin\lsass.exe
mRun: [FXSEXT32wow.exe] c:\windows\FXSEXT32wow.exe
mRun: [WWanHCwow.exe] c:\windows\WWanHCwow.exe
mRun: [userenvwow.exe] c:\windows\userenvwow.exe
mRun: [mscanduiwow.exe] c:\windows\mscanduiwow.exe
mRun: [RpcDiagwow.exe] c:\windows\RpcDiagwow.exe
mRun: [Vaultwow.exe] c:\windows\Vaultwow.exe
mRun: [NlsData0002wow.exe] c:\windows\NlsData0002wow.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wayneh~1\appdata\roaming\mozilla\firefox\profiles\855fu4jg.default\
FF - plugin: c:\users\waynehobbs\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\waynehobbs\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\waynehobbs\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-1 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-26 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-26 61960]
R2 wmiApSrv32;WMI-Leistungsadapter ;c:\windows\system32\cryptbase32.exe [2011-3-1 1457664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2011-03-05 08:08:14 521216 --sh--w- c:\windows\NlsData0002wow.exe
2011-03-05 07:17:26 -------- d-----w- C:\VundoFix Backups
2011-03-05 06:27:23 521216 --sh--w- c:\windows\Vaultwow.exe
2011-03-04 08:59:24 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2011-03-04 07:05:53 5943120 ----a-w- c:\progra~3\microsoft\windows defender\definition updates\{fb98a956-fd52-45fe-ba53-48d77ca84b72}\mpengine.dll
2011-03-04 06:59:23 521216 --sh--w- c:\windows\RpcDiagwow.exe
2011-03-04 01:29:07 522752 --sh--w- c:\windows\mscanduiwow.exe
2011-03-03 08:03:52 522752 --sh--w- c:\windows\userenvwow.exe
2011-03-03 06:41:47 522752 --sh--w- c:\windows\WWanHCwow.exe
2011-03-02 21:42:55 522752 --sh--w- c:\windows\FXSEXT32wow.exe
2011-03-02 21:42:50 -------- d-sh--w- c:\progra~3\5CCC04302DE837ED587718F1CE31830A
2011-03-01 21:10:18 -------- d-sh--w- c:\progra~3\SysWoW32
2011-03-01 21:10:18 -------- d-----w- c:\progra~3\464568782
2011-03-01 21:10:04 203776 --sh--w- c:\progra~3\unrar.exe
2011-03-01 21:10:04 -------- d-----w- c:\progra~3\908407606
2011-03-01 21:09:26 253952 ----a-w- c:\progra~3\api-ms-win-core-interlocked-l1-1-032.dll
2011-03-01 21:09:20 -------- d-sh--w- c:\users\wayneh~1\appdata\roaming\SysWin
2011-03-01 21:09:17 222720 ----a-w- c:\windows\system32\catsrv32.exe
2011-03-01 21:09:16 424448 ----a-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
2011-03-01 13:03:22 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-01 13:03:03 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-03-01 13:02:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-01 13:02:19 -------- d-----w- c:\users\wayneh~1\appdata\roaming\DAEMON Tools Lite
2011-03-01 13:02:19 -------- d-----w- c:\progra~3\DAEMON Tools Lite
2011-03-01 11:37:06 1457664 ----a-r- c:\windows\system32\cryptbase32.exe
2011-03-01 11:37:06 1457664 ----a-r- c:\progra~3\catsrv32.exe
2011-03-01 06:17:11 5943120 ----a-w- c:\progra~3\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-28 16:34:36 -------- d-----w- c:\users\wayneh~1\appdata\local\Apple Computer
2011-02-28 16:34:03 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-28 16:34:03 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-28 16:33:10 -------- d-----w- c:\program files\iPod
2011-02-28 16:33:07 -------- d-----w- c:\program files\iTunes
2011-02-28 16:33:07 -------- d-----w- c:\progra~3\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-28 16:30:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-28 16:29:54 -------- d-----w- c:\users\wayneh~1\appdata\local\Apple
2011-02-28 16:28:56 -------- d-----w- c:\program files\Bonjour
2011-02-28 07:05:26 -------- d-----w- c:\users\wayneh~1\appdata\local\Opera
2011-02-27 08:30:57 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-27 08:29:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-27 08:29:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-27 08:29:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-27 08:29:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-27 08:29:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-27 08:18:51 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-02-27 08:17:09 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-02-27 08:16:29 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-27 07:50:14 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-02-27 07:50:13 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-02-27 07:50:13 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-27 07:49:46 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-02-27 07:49:45 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-27 07:48:46 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-02-27 07:48:43 2614272 ----a-w- c:\windows\explorer.exe
2011-02-27 07:48:42 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-02-27 07:48:40 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-02-27 07:48:40 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-02-27 07:48:37 516096 ----a-w- c:\program files\windows mail\wab.exe
2011-02-27 07:48:31 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-27 07:48:03 641536 ----a-w- c:\windows\system32\CPFilters.dll
2011-02-27 07:48:01 417792 ----a-w- c:\windows\system32\msdri.dll
2011-02-27 07:48:01 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-02-27 07:48:01 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-02-27 07:48:00 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-02-27 07:46:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2011-02-27 07:46:54 507568 ----a-w- c:\windows\system32\winload.exe
2011-02-27 07:46:53 442920 ----a-w- c:\windows\system32\winresume.exe
2011-02-27 07:46:26 530432 ----a-w- c:\windows\system32\comctl32.dll
2011-02-27 07:46:25 67584 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-27 07:46:21 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-27 07:46:21 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-27 07:46:06 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-27 07:43:41 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-27 07:42:59 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-27 07:42:59 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-27 07:42:59 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-27 07:35:53 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-27 07:35:53 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-27 07:35:53 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-26 19:01:33 -------- d-----w- c:\users\wayneh~1\appdata\local\Google
2011-02-26 19:00:26 -------- d-----w- c:\users\wayneh~1\appdata\local\Deployment
2011-02-26 19:00:26 -------- d-----w- c:\users\wayneh~1\appdata\local\Apps
2011-02-26 18:11:33 -------- d-----w- c:\users\wayneh~1\appdata\roaming\Avira
2011-02-26 17:52:08 -------- d-----w- c:\users\wayneh~1\appdata\local\Diagnostics
2011-02-26 17:40:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2011-02-26 17:39:55 -------- d-----w- c:\windows\system32\Data
2011-02-26 17:39:53 230 ----a-w- c:\windows\ctrunonce.reg
2011-02-26 17:39:40 67072 ------w- c:\windows\system32\CmdRtr.dll
2011-02-26 17:39:40 105472 ------w- c:\windows\system32\APOMngr.dll
2011-02-26 17:39:36 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-26 17:39:35 1527808 ------w- c:\windows\system32\Sens_oal.dll
2011-02-26 17:39:35 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-26 17:18:22 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-26 17:18:21 -------- d-----w- c:\program files\Avira
2011-02-26 17:18:21 -------- d-----w- c:\progra~3\Avira
2011-02-26 17:15:23 -------- d-sh--w- c:\windows\Installer
2011-02-26 17:07:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-26 16:50:07 -------- d-----w- C:\Intel
2011-02-26 16:47:19 7062 ----a-w- c:\windows\system32\audiopid.vxd
2011-02-26 16:46:43 647872 ------w- c:\windows\system32\Mscomct2.ocx
2011-02-26 16:46:43 53248 ------w- c:\windows\Ctregrun.exe
2011-02-26 16:45:09 -------- d-----w- c:\program files\Creative
2011-02-26 16:45:00 -------- d-----w- c:\program files\common files\Creative
2011-02-26 16:44:56 -------- d--h--w- c:\program files\Creative Installation Information
2011-02-26 16:44:13 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-02-26 16:44:12 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-02-26 16:44:12 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-02-26 16:44:12 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-02-26 16:44:11 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-02-26 16:44:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-02-26 16:44:09 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-02-26 16:44:09 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-02-26 16:43:43 -------- d-----w- c:\windows\system32\x64
2011-02-26 16:41:53 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-02-26 16:41:50 132608 ----a-w- c:\windows\system32\cabview.dll
2011-02-26 16:35:25 761856 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-26 16:35:25 761856 ----a-w- c:\windows\system32\athr.sys
2011-02-26 16:34:55 55808 ----a-w- c:\temp\devcon.exe
2011-02-26 16:34:41 -------- d-----w- C:\temp
2011-02-26 16:34:40 -------- d-----w- c:\progra~3\TP-LINK
2011-02-26 15:09:44 -------- dc----w- c:\users\wayneh~1\appdata\local\MigWiz
2011-02-26 14:11:46 -------- d-----w- c:\users\wayneh~1\appdata\local\ElevatedDiagnostics
2011-02-26 14:04:43 -------- d-----w- c:\windows\system32\wbem\Performance
2011-02-26 13:39:42 -------- d-----w- c:\windows\Panther
.
==================== Find3M ====================
.
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:34:42.36 ===============
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am

Re: Getting redirected to Gomeo on Internet Searches

Post by Dakeyras » March 5th, 2011, 11:44 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask you to use will need to be run in Administrator mode, i.e. right-click on them and select Run as Administrator.

The operating system in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right click on TDSSKiller.exe and select Run as Administrator to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • TDSSKiller Log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 5th, 2011, 12:37 pm

I did as you instructed and have attached the TDSSKiller.log. I did try two quick searches and didn't get redirected to Gomeo!

2011/03/05 17:21:42.0517 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2011/03/05 17:21:42.0518 ================================================================================
2011/03/05 17:21:42.0518 SystemInfo:
2011/03/05 17:21:42.0518
2011/03/05 17:21:42.0518 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/05 17:21:42.0518 Product type: Workstation
2011/03/05 17:21:42.0518 ComputerName: WAYNEHOBBS-PC
2011/03/05 17:21:42.0520 UserName: waynehobbs
2011/03/05 17:21:42.0520 Windows directory: C:\Windows
2011/03/05 17:21:42.0520 System windows directory: C:\Windows
2011/03/05 17:21:42.0520 Processor architecture: Intel x86
2011/03/05 17:21:42.0520 Number of processors: 1
2011/03/05 17:21:42.0520 Page size: 0x1000
2011/03/05 17:21:42.0520 Boot type: Normal boot
2011/03/05 17:21:42.0520 ================================================================================
2011/03/05 17:21:43.0600 Initialize success
2011/03/05 17:21:47.0853 ================================================================================
2011/03/05 17:21:47.0853 Scan started
2011/03/05 17:21:47.0853 Mode: Manual;
2011/03/05 17:21:47.0853 ================================================================================
2011/03/05 17:22:04.0096 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/05 17:22:04.0314 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/05 17:22:04.0511 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/05 17:22:04.0722 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/05 17:22:04.0865 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/05 17:22:05.0074 ialm (6fcb904910da07c9dc2593d66438fa29) C:\Windows\system32\DRIVERS\igxpmp32.sys
2011/03/05 17:22:05.0346 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/05 17:22:05.0577 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/05 17:22:05.0767 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/05 17:22:05.0946 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/05 17:22:06.0139 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/05 17:22:06.0331 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/05 17:22:06.0478 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/05 17:22:06.0693 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/05 17:22:06.0859 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/05 17:22:07.0004 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/05 17:22:07.0215 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/05 17:22:07.0399 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/05 17:22:07.0583 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/05 17:22:07.0733 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/05 17:22:08.0039 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/05 17:22:08.0243 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/05 17:22:08.0433 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/05 17:22:08.0604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/05 17:22:08.0762 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/05 17:22:08.0968 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/05 17:22:09.0130 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/05 17:22:09.0329 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/05 17:22:09.0526 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/05 17:22:09.0696 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/05 17:22:09.0851 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/05 17:22:10.0063 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/05 17:22:10.0220 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/05 17:22:10.0379 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/05 17:22:10.0562 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/05 17:22:10.0707 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/05 17:22:10.0872 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/05 17:22:11.0015 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/05 17:22:11.0151 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/05 17:22:11.0277 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/05 17:22:11.0420 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/05 17:22:11.0633 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/05 17:22:11.0760 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/05 17:22:11.0906 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/05 17:22:12.0068 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/05 17:22:12.0213 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/05 17:22:12.0358 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/05 17:22:12.0491 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/05 17:22:12.0641 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/05 17:22:12.0781 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/05 17:22:12.0954 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/05 17:22:13.0115 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/05 17:22:13.0294 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/05 17:22:13.0486 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/05 17:22:13.0667 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/05 17:22:13.0852 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/05 17:22:14.0005 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/05 17:22:14.0164 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/05 17:22:14.0309 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/05 17:22:14.0465 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/05 17:22:14.0595 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/05 17:22:14.0822 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/05 17:22:14.0989 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/05 17:22:15.0138 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/05 17:22:15.0333 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/05 17:22:15.0576 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/05 17:22:15.0720 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/05 17:22:15.0897 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/05 17:22:16.0046 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/05 17:22:16.0236 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/05 17:22:16.0473 P17 (da4be540a939471779d0593b59d6ccc1) C:\Windows\system32\drivers\P17.sys
2011/03/05 17:22:16.0812 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/05 17:22:17.0013 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/05 17:22:17.0149 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/05 17:22:17.0329 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/05 17:22:17.0476 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/05 17:22:17.0656 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/05 17:22:17.0820 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/05 17:22:18.0021 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/05 17:22:18.0416 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/05 17:22:18.0578 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/05 17:22:18.0816 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/05 17:22:19.0084 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/05 17:22:19.0358 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/05 17:22:19.0566 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/05 17:22:19.0730 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/05 17:22:19.0911 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/05 17:22:20.0098 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/05 17:22:20.0300 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/05 17:22:20.0471 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/05 17:22:20.0624 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/05 17:22:20.0812 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/05 17:22:20.0965 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/05 17:22:21.0141 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/05 17:22:21.0311 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/05 17:22:21.0476 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/05 17:22:21.0649 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/05 17:22:21.0938 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/05 17:22:22.0153 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/05 17:22:22.0332 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/05 17:22:22.0521 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/05 17:22:22.0740 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/05 17:22:22.0905 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/05 17:22:23.0044 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/05 17:22:23.0290 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/05 17:22:23.0444 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/05 17:22:23.0592 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/05 17:22:23.0742 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/05 17:22:23.0950 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/05 17:22:24.0126 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/05 17:22:24.0308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/05 17:22:24.0501 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/05 17:22:24.0727 smwdm (c80b84e4843b33da56a806e1a1275ba0) C:\Windows\system32\drivers\smwdm.sys
2011/03/05 17:22:24.0942 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/05 17:22:25.0157 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/05 17:22:25.0354 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/05 17:22:25.0545 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/05 17:22:25.0718 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/05 17:22:25.0921 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/05 17:22:26.0113 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/05 17:22:26.0439 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/05 17:22:26.0794 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/05 17:22:26.0980 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/05 17:22:27.0219 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/05 17:22:27.0382 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/05 17:22:27.0550 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/05 17:22:27.0697 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/05 17:22:27.0996 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/05 17:22:28.0165 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/05 17:22:28.0316 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/05 17:22:28.0476 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/05 17:22:28.0714 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/05 17:22:28.0875 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/05 17:22:29.0049 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/05 17:22:29.0247 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/05 17:22:29.0395 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/05 17:22:29.0555 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/05 17:22:29.0732 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/05 17:22:29.0928 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/05 17:22:30.0080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/05 17:22:30.0237 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/05 17:22:30.0412 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/05 17:22:30.0630 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/05 17:22:30.0801 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/05 17:22:30.0974 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/05 17:22:31.0209 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/05 17:22:31.0402 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/05 17:22:31.0544 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/05 17:22:31.0706 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/05 17:22:31.0865 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/05 17:22:32.0063 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/05 17:22:32.0336 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/05 17:22:32.0547 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/05 17:22:32.0771 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/03/05 17:22:32.0968 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/05 17:22:33.0126 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 17:22:33.0157 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 17:22:33.0383 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/05 17:22:33.0567 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/05 17:22:33.0866 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/05 17:22:34.0069 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/05 17:22:34.0436 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/05 17:22:34.0735 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/05 17:22:34.0994 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/05 17:22:35.0145 ================================================================================
2011/03/05 17:22:35.0145 Scan finished
2011/03/05 17:22:35.0145 ================================================================================

Re: Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 5th, 2011, 12:39 pm

OTL.txt

OTL logfile created on: 3/5/2011 5:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\waynehobbs\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.54 Gb Total Space | 36.64 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 20.02 Gb Total Space | 1.01 Gb Free Space | 5.07% Space Free | Partition Type: NTFS

Computer Name: WAYNEHOBBS-PC | User Name: waynehobbs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\waynehobbs\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\NlsData0002wow.exe ()
PRC - C:\Windows\Vaultwow.exe ()
PRC - C:\Windows\RpcDiagwow.exe ()
PRC - C:\Windows\mscanduiwow.exe ()
PRC - C:\Windows\userenvwow.exe ()
PRC - C:\Windows\WWanHCwow.exe ()
PRC - C:\Windows\FXSEXT32wow.exe ()
PRC - C:\Users\waynehobbs\AppData\Roaming\SysWin\lsass.exe ()
PRC - C:\Windows\System32\cryptbase32.exe ()
PRC - C:\ProgramData\catsrv32.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\waynehobbs\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\waynehobbs\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wmiApSrv32) -- C:\Windows\System32\cryptbase32.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1C D2 E7 95 07 86 1F 4F 85 79 47 54 1B C7 22 59 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1C D2 E7 95 07 86 1F 4F 85 79 47 54 1B C7 22 59 [binary data]

IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 09 D8 B2 D3 D5 CB 01 [binary data]
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1C D2 E7 95 07 86 1F 4F 85 79 47 54 1B C7 22 59 [binary data]
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-454739822-356523886-588032832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 09:21:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 09:21:21 | 000,000,000 | ---D | M]

[2011/03/03 09:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waynehobbs\AppData\Roaming\mozilla\Extensions
[2011/03/03 09:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waynehobbs\AppData\Roaming\mozilla\Firefox\Profiles\855fu4jg.default\extensions
[2011/03/03 09:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {95E7D21C-8607-4F1F-8579-47541BC72259} - C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll (Borland Software Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-454739822-356523886-588032832-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FXSEXT32wow.exe] C:\Windows\FXSEXT32wow.exe ()
O4 - HKLM..\Run: [mscanduiwow.exe] C:\Windows\mscanduiwow.exe ()
O4 - HKLM..\Run: [NlsData0002wow.exe] C:\Windows\NlsData0002wow.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [RpcDiagwow.exe] C:\Windows\RpcDiagwow.exe ()
O4 - HKLM..\Run: [RTHDBPL] C:\Users\waynehobbs\AppData\Roaming\SysWin\lsass.exe ()
O4 - HKLM..\Run: [userenvwow.exe] C:\Windows\userenvwow.exe ()
O4 - HKLM..\Run: [Vaultwow.exe] C:\Windows\Vaultwow.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WWanHCwow.exe] C:\Windows\WWanHCwow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [FXSEXT32wow.exe] C:\Windows\FXSEXT32wow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [mscanduiwow.exe] C:\Windows\mscanduiwow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [NlsData0002wow.exe] C:\Windows\NlsData0002wow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [RpcDiagwow.exe] C:\Windows\RpcDiagwow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [userenvwow.exe] C:\Windows\userenvwow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [Vaultwow.exe] C:\Windows\Vaultwow.exe ()
O4 - HKU\S-1-5-21-454739822-356523886-588032832-1000..\Run: [WWanHCwow.exe] C:\Windows\WWanHCwow.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll (Borland Software Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/08 21:28:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 08:17:26 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/03/04 09:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011/03/04 09:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2011/03/03 18:09:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\WinRAR
[2011/03/03 13:02:45 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2011/03/03 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Mozilla
[2011/03/03 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Mozilla
[2011/03/03 09:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/03 09:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/02 22:42:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\5CCC04302DE837ED587718F1CE31830A
[2011/03/01 22:10:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/03/01 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\464568782
[2011/03/01 22:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\908407606
[2011/03/01 22:09:26 | 000,253,952 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
[2011/03/01 22:09:20 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Roaming\SysWin
[2011/03/01 22:09:16 | 000,424,448 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
[2011/03/01 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/03/01 14:03:22 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/03/01 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/03/01 14:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/03/01 14:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/03/01 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\DAEMON Tools Lite
[2011/03/01 14:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/02/28 17:34:36 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apple Computer
[2011/02/28 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Apple Computer
[2011/02/28 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/28 17:34:03 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/02/28 17:34:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/28 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/28 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/28 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/28 17:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/28 17:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/28 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/28 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apple
[2011/02/28 17:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/28 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/28 17:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/28 17:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/28 08:05:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Opera
[2011/02/28 08:05:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Opera
[2011/02/28 08:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/02/27 14:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/27 09:29:14 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/02/27 09:29:14 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/02/27 09:29:14 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/02/27 09:18:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/02/27 09:17:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/02/27 08:48:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/27 08:48:43 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/02/27 08:48:40 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/02/27 08:48:40 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/02/27 08:48:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/27 08:48:03 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/02/27 08:48:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/02/27 08:48:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/27 08:48:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/02/27 08:48:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/02/27 08:47:41 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/27 08:47:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/27 08:47:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/27 08:47:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/27 08:47:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/27 08:47:29 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/02/27 08:47:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/02/27 08:47:07 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/27 08:46:55 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/02/27 08:46:54 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/02/27 08:46:53 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/02/27 08:46:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/02/27 08:46:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/27 08:46:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/27 08:46:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/27 08:46:06 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/27 08:45:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/27 08:45:28 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/02/27 08:45:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/27 08:45:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/27 08:45:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/27 08:45:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/27 08:45:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/27 08:45:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/27 08:45:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/27 08:45:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/27 08:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/27 08:44:21 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/02/27 08:44:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/02/27 08:44:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/02/27 08:44:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/27 08:44:17 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/27 08:44:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/02/27 08:44:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/27 08:44:14 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/27 08:44:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/27 08:43:39 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/27 08:43:39 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/27 08:43:32 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/27 08:43:32 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/27 08:43:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/27 08:43:31 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/27 08:43:30 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/02/27 08:43:30 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/27 08:43:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/27 08:43:30 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/27 08:43:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/27 08:43:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/27 08:43:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/27 08:43:13 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/27 08:43:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/27 08:43:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/27 08:43:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/27 08:43:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/27 08:43:10 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/27 08:43:09 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/27 08:43:03 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/02/27 08:43:03 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/02/27 08:43:03 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/27 08:43:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/02/27 08:43:03 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/02/27 08:43:03 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/02/27 08:43:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/02/27 08:43:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/02/27 08:35:53 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/27 08:35:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/26 20:01:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Google
[2011/02/26 20:00:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Deployment
[2011/02/26 20:00:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apps
[2011/02/26 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Creative
[2011/02/26 19:11:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Avira
[2011/02/26 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Diagnostics
[2011/02/26 18:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/26 18:40:05 | 000,045,568 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctppld.dll
[2011/02/26 18:39:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2011/02/26 18:39:36 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/26 18:39:35 | 001,527,808 | ---- | C] (Sensaura) -- C:\Windows\System32\Sens_oal.dll
[2011/02/26 18:39:35 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/26 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/26 18:18:22 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/26 18:18:22 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/26 18:18:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/26 18:15:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/02/26 18:07:02 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/26 17:57:12 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Macromedia
[2011/02/26 17:57:11 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Adobe
[2011/02/26 17:56:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/02/26 17:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/02/26 17:50:07 | 000,000,000 | ---D | C] -- C:\Intel
[2011/02/26 17:46:43 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2011/02/26 17:46:43 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2011/02/26 17:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/02/26 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/02/26 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2011/02/26 17:44:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2011/02/26 17:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/02/26 17:43:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/26 17:35:25 | 000,761,856 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/02/26 17:35:25 | 000,761,856 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/02/26 17:35:24 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/02/26 17:34:41 | 000,000,000 | ---D | C] -- C:\temp
[2011/02/26 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2011/02/26 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\MigWiz
[2011/02/26 15:11:46 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\ElevatedDiagnostics
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Searches
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/26 15:02:41 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Identities
[2011/02/26 15:02:35 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Contacts
[2011/02/26 15:02:24 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\VirtualStore
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Vorlagen
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Verlauf
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Temporary Internet Files
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Startmenü
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\SendTo
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Recent
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Netzwerkumgebung
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Lokale Einstellungen
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Videos
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Musik
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Eigene Dateien
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Bilder
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Druckumgebung
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Cookies
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Anwendungsdaten
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Anwendungsdaten
[2011/02/26 15:02:20 | 000,000,000 | --SD | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Videos
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Saved Games
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Pictures
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Music
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Links
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Favorites
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Downloads
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Documents
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Desktop
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/26 15:02:20 | 000,000,000 | -H-D | C] -- C:\Users\waynehobbs\AppData
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Temp
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Microsoft
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Media Center Programs
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011/02/26 14:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/26 14:41:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/02/26 14:39:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 17:27:59 | 000,001,185 | ---- | M] () -- C:\ProgramData\1953312557
[2011/03/05 17:24:28 | 000,001,078 | ---- | M] () -- C:\Users\waynehobbs\Desktop\OTL - Verknüpfung.lnk
[2011/03/05 17:21:11 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\waynehobbs\Desktop\TDSSKiller.exe
[2011/03/05 17:08:30 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000UA.job
[2011/03/05 17:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 15:36:03 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000Core.job
[2011/03/05 13:43:19 | 000,003,742 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011/03/05 09:16:00 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 09:15:59 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 09:08:12 | 000,521,216 | -HS- | M] () -- C:\Windows\NlsData0002wow.exe
[2011/03/05 09:08:01 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1413940225
[2011/03/05 09:07:08 | 797,556,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 08:03:23 | 000,000,046 | ---- | M] () -- C:\ProgramData\54975356
[2011/03/05 07:27:21 | 000,521,216 | -HS- | M] () -- C:\Windows\Vaultwow.exe
[2011/03/04 09:59:27 | 000,001,025 | ---- | M] () -- C:\Users\waynehobbs\Desktop\Free M4a to MP3 Converter.lnk
[2011/03/04 07:59:19 | 000,521,216 | -HS- | M] () -- C:\Windows\RpcDiagwow.exe
[2011/03/03 12:55:37 | 000,522,752 | -HS- | M] () -- C:\Windows\mscanduiwow.exe
[2011/03/03 09:21:27 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/03 09:03:51 | 000,522,752 | -HS- | M] () -- C:\Windows\userenvwow.exe
[2011/03/03 07:41:46 | 000,522,752 | -HS- | M] () -- C:\Windows\WWanHCwow.exe
[2011/03/02 22:42:47 | 000,522,752 | -HS- | M] () -- C:\Windows\FXSEXT32wow.exe
[2011/03/01 22:10:04 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/03/01 22:09:27 | 000,000,108 | ---- | M] () -- C:\Windows\System32\2126070566
[2011/03/01 22:09:26 | 000,253,952 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll
[2011/03/01 22:09:17 | 000,222,720 | ---- | M] () -- C:\Windows\System32\catsrv32.exe
[2011/03/01 22:09:16 | 000,424,448 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
[2011/03/01 22:09:06 | 001,457,664 | R--- | M] () -- C:\Windows\System32\cryptbase32.exe
[2011/03/01 22:09:06 | 001,457,664 | R--- | M] () -- C:\ProgramData\catsrv32.exe
[2011/03/01 14:05:48 | 000,648,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/03/01 14:05:48 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/01 14:05:48 | 000,128,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/03/01 14:05:48 | 000,105,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/01 14:03:22 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/03/01 14:02:58 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/02/28 17:34:10 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/28 17:30:26 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/27 10:53:44 | 000,198,358 | ---- | M] () -- C:\Users\waynehobbs\Documents\Rental Car Insurance.xps
[2011/02/27 09:40:34 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/26 18:42:05 | 131,662,318 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/26 18:39:53 | 000,000,230 | ---- | M] () -- C:\Windows\ctrunonce.reg
[2011/02/26 18:39:36 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/26 18:39:35 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/26 18:18:36 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/26 14:46:29 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 17:24:28 | 000,001,078 | ---- | C] () -- C:\Users\waynehobbs\Desktop\OTL - Verknüpfung.lnk
[2011/03/05 09:09:00 | 000,001,411 | ---- | C] () -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/05 09:08:14 | 000,521,216 | -HS- | C] () -- C:\Windows\NlsData0002wow.exe
[2011/03/05 07:27:23 | 000,521,216 | -HS- | C] () -- C:\Windows\Vaultwow.exe
[2011/03/04 09:59:27 | 000,001,025 | ---- | C] () -- C:\Users\waynehobbs\Desktop\Free M4a to MP3 Converter.lnk
[2011/03/04 07:59:23 | 000,521,216 | -HS- | C] () -- C:\Windows\RpcDiagwow.exe
[2011/03/04 02:29:07 | 000,522,752 | -HS- | C] () -- C:\Windows\mscanduiwow.exe
[2011/03/03 15:31:46 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000UA.job
[2011/03/03 15:31:44 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000Core.job
[2011/03/03 09:21:27 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/03 09:03:52 | 000,522,752 | -HS- | C] () -- C:\Windows\userenvwow.exe
[2011/03/03 07:41:47 | 000,522,752 | -HS- | C] () -- C:\Windows\WWanHCwow.exe
[2011/03/02 22:42:55 | 000,522,752 | -HS- | C] () -- C:\Windows\FXSEXT32wow.exe
[2011/03/02 10:59:52 | 000,000,046 | ---- | C] () -- C:\ProgramData\54975356
[2011/03/01 22:19:17 | 000,003,742 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011/03/01 22:11:39 | 000,001,185 | ---- | C] () -- C:\ProgramData\1953312557
[2011/03/01 22:10:04 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/03/01 22:10:04 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1413940225
[2011/03/01 22:09:18 | 000,000,108 | ---- | C] () -- C:\Windows\System32\2126070566
[2011/03/01 22:09:17 | 000,222,720 | ---- | C] () -- C:\Windows\System32\catsrv32.exe
[2011/03/01 14:02:58 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/03/01 12:37:06 | 001,457,664 | R--- | C] () -- C:\Windows\System32\cryptbase32.exe
[2011/03/01 12:37:06 | 001,457,664 | R--- | C] () -- C:\ProgramData\catsrv32.exe
[2011/02/28 17:34:10 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/28 17:30:26 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/28 17:29:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/27 10:53:41 | 000,198,358 | ---- | C] () -- C:\Users\waynehobbs\Documents\Rental Car Insurance.xps
[2011/02/26 18:42:05 | 131,662,318 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/26 18:39:57 | 000,008,393 | ---- | C] () -- C:\Windows\System32\CTAPO32.cat
[2011/02/26 18:39:53 | 000,000,230 | ---- | C] () -- C:\Windows\ctrunonce.reg
[2011/02/26 18:39:50 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2011/02/26 18:39:49 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2011/02/26 18:39:48 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT2MGM.SF2
[2011/02/26 18:39:40 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2011/02/26 18:39:40 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2011/02/26 18:18:36 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/26 17:47:19 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011/02/26 17:35:25 | 000,098,648 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/02/26 17:35:25 | 000,032,267 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/02/26 14:46:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/02/26 14:46:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/02/26 14:41:02 | 797,556,736 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 09:47:43 | 000,648,466 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 09:47:43 | 000,128,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/21 03:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2006/10/06 23:19:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4704.dll
[2005/03/08 06:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

< End of report >
DivoMA

Re: Getting redirected to Gomeo on Internet Searches

by DivoMA » March 5th, 2011, 12:41 pm

OTL Extras logfile created on: 3/5/2011 5:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\waynehobbs\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 442.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.54 Gb Total Space | 36.64 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 20.02 Gb Total Space | 1.01 Gb Free Space | 5.07% Space Free | Partition Type: NTFS

Computer Name: WAYNEHOBBS-PC | User Name: waynehobbs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-454739822-356523886-588032832-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2011 11:14:08 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1529

Error - 3/5/2011 11:14:08 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1529

Error - 3/5/2011 11:14:09 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2011 11:14:09 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2793

Error - 3/5/2011 11:14:09 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2793

Error - 3/5/2011 11:14:10 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2011 11:14:10 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4134

Error - 3/5/2011 11:14:10 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4134

Error - 3/5/2011 11:14:12 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/5/2011 11:14:12 AM | Computer Name = waynehobbs-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5398

[ System Events ]
Error - 3/4/2011 8:23:22 AM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 3/4/2011 1:53:09 PM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.

Error - 3/4/2011 4:13:46 PM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 3/4/2011 4:14:00 PM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bonjour Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 3/5/2011 5:58:47 AM | Computer Name = waynehobbs-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 3/5/2011 6:02:36 AM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 3/5/2011 6:03:09 AM | Computer Name = waynehobbs-PC | Source = DCOM | ID = 10010
Description =

Error - 3/5/2011 6:03:07 AM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Schedule erreicht.

Error - 3/5/2011 8:35:01 AM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst defragsvc erreicht.

Error - 3/5/2011 8:35:02 AM | Computer Name = waynehobbs-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.


< End of report >
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am

Re: Getting redirected to Gomeo on Internet Searches

Post by Dakeyras » March 5th, 2011, 2:11 pm

Hi. :)

I did as you instructed and have attached the TDSSKiller.log. I did try two quick searches and didn't get redirected to Gomeo!
OK and thanks for the update!

Hard-Drive Free Space Advice:

This relates to the below; you may be using it as a backup store and/or it may be just a partition split from the main drive:-
Drive D: | 20.02 Gb Total Space | 1.01 Gb Free Space | 5.07% Space Free | Partition Type: NTFS
This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

Next:

DAEMON Tools Toolbar has some undesirable characteristics and comes bundled with adware; you may, however, keep DAEMON Tools Lite installed.

Now please go to Start (Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

DAEMON Tools Toolbar

To do so click once on the above to highlight then click on Uninstall/Change and follow the prompts.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:
:dir
C:\ProgramData\1953312557 /sub
C:\ProgramData\1413940225 /sub
C:\ProgramData\54975356 /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-454739822-356523886-588032832-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c
C:\Program Files\DAEMON Tools Toolbar

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • SystemLook Log.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 6th, 2011, 5:13 am

The system seems to be MUCH faster and no more diverts! This is a question to your comment about the HD......a friend set that up and I'm not sure what he did! How do I make that partition larger?

Logs to follow!

SystemLook 04.09.10 by jpshortstuff
Log created at 19:17 on 05/03/2011 by waynehobbs
Administrator - Elevation successful

========== dir ==========

C:\ProgramData\1953312557 - Unable to find folder.

C:\ProgramData\1413940225 - Unable to find folder.

C:\ProgramData\54975356 - Unable to find folder.

-= EOF =-


Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5966

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/5/2011 7:44:49 PM
mbam-log-2011-03-05 (19-44-49).txt

Scan type: Quick scan
Objects scanned: 137357
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 20
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 19
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 39

Memory Processes Infected:
c:\Windows\System32\cryptbase32.exe (Trojan.Tracur.S) -> 1932 -> Unloaded process successfully.
c:\programdata\catsrv32.exe (Trojan.Tracur.S) -> 356 -> Unloaded process successfully.
c:\Windows\msoeacctwow.exe (Trojan.Tracur.S) -> 2444 -> Unloaded process successfully.
c:\Windows\msoeacctwow.exe (Trojan.Tracur.S) -> 3228 -> Unloaded process successfully.
c:\Users\waynehobbs\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> 2984 -> Unloaded process successfully.
c:\Windows\fxsext32wow.exe (Trojan.Tracur.S) -> 3004 -> Unloaded process successfully.
c:\Windows\fxsext32wow.exe (Trojan.Tracur.S) -> 3532 -> Unloaded process successfully.
c:\Windows\wwanhcwow.exe (Trojan.Tracur.S) -> 3012 -> Unloaded process successfully.
c:\Windows\wwanhcwow.exe (Trojan.Tracur.S) -> 3524 -> Unloaded process successfully.
c:\Windows\userenvwow.exe (Trojan.Tracur.S) -> 3028 -> Unloaded process successfully.
c:\Windows\userenvwow.exe (Trojan.Tracur.S) -> 3540 -> Unloaded process successfully.
c:\Windows\mscanduiwow.exe (Trojan.Tracur.S) -> 3040 -> Unloaded process successfully.
c:\Windows\mscanduiwow.exe (Trojan.Tracur.S) -> 3612 -> Unloaded process successfully.
c:\Windows\rpcdiagwow.exe (Trojan.Tracur.S) -> 3128 -> Unloaded process successfully.
c:\Windows\rpcdiagwow.exe (Trojan.Tracur.S) -> 3628 -> Unloaded process successfully.
c:\Windows\Vaultwow.exe (Trojan.Tracur.S) -> 3156 -> Unloaded process successfully.
c:\Windows\Vaultwow.exe (Trojan.Tracur.S) -> 3620 -> Unloaded process successfully.
c:\Windows\nlsdata0002wow.exe (Trojan.Tracur.S) -> 3188 -> Unloaded process successfully.
c:\Windows\nlsdata0002wow.exe (Trojan.Tracur.S) -> 3636 -> Unloaded process successfully.
c:\Windows\kbdtatwow.exe (Trojan.Tracur.S) -> 3220 -> Unloaded process successfully.

Memory Modules Infected:
c:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Roaming\FDAF.tmp (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{95E7D21C-8607-4F1F-8579-47541BC72259} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E7D21C-8607-4F1F-8579-47541BC72259} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{95E7D21C-8607-4F1F-8579-47541BC72259} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E7D21C-8607-4F1F-8579-47541BC72259} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msoeacctwow.exe (Trojan.Tracur.S) -> Value: msoeacctwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msoeacctwow.exe (Trojan.Tracur.S) -> Value: msoeacctwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FXSEXT32wow.exe (Trojan.Tracur.S) -> Value: FXSEXT32wow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FXSEXT32wow.exe (Trojan.Tracur.S) -> Value: FXSEXT32wow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WWanHCwow.exe (Trojan.Tracur.S) -> Value: WWanHCwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WWanHCwow.exe (Trojan.Tracur.S) -> Value: WWanHCwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userenvwow.exe (Trojan.Tracur.S) -> Value: userenvwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userenvwow.exe (Trojan.Tracur.S) -> Value: userenvwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscanduiwow.exe (Trojan.Tracur.S) -> Value: mscanduiwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mscanduiwow.exe (Trojan.Tracur.S) -> Value: mscanduiwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RpcDiagwow.exe (Trojan.Tracur.S) -> Value: RpcDiagwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RpcDiagwow.exe (Trojan.Tracur.S) -> Value: RpcDiagwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vaultwow.exe (Trojan.Tracur.S) -> Value: Vaultwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vaultwow.exe (Trojan.Tracur.S) -> Value: Vaultwow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NlsData0002wow.exe (Trojan.Tracur.S) -> Value: NlsData0002wow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NlsData0002wow.exe (Trojan.Tracur.S) -> Value: NlsData0002wow.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KBDTATwow.exe (Trojan.Tracur.S) -> Value: KBDTATwow.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KBDTATwow.exe (Trojan.Tracur.S) -> Value: KBDTATwow.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\programdata\464568782 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\908407606 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Users\waynehobbs\AppData\Roaming\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\Windows\System32\cryptbase32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\Windows\System32\config\systemprofile\AppData\Roaming\FDAF.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\programdata\catsrv32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\msoeacctwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Users\waynehobbs\AppData\Roaming\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\fxsext32wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\wwanhcwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\userenvwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\mscanduiwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\rpcdiagwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\Vaultwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\nlsdata0002wow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\kbdtatwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\66CD.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\E5B6.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\catsrv32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000866714861184c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000866714861184o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000866714861184p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000866714861184s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000866714861184c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000866714861184o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000866714861184p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000866714861184s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt0.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt0.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt1.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt1.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt2.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt2.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt3.rar (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\464568782\frt3.rar.ver (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\908407606\new.i0.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\908407606\new.i1.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\908407606\new.i2.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\programdata\908407606\new.i3.kwd (Rogue.Multiple) -> Quarantined and deleted successfully.
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am
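A small triage parser for the Malwarebytes' Anti-Malware log layout posted above, added here as an example (it is not part of the thread and not a Malwarebytes tool). It lists items still marked "Delete on reboot", labels registry detections by autostart location, and flags sections whose listed items do not match the summary count, as happens with a truncated paste. The function names and labels are this example's own, and the sample is a shortened copy of the posted log with one line deliberately left out.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the log posted in this thread.
# "Files Infected" declares 3 but lists 2 on purpose (simulates a truncated paste).
SAMPLE_LOG = r"""
Scan type: Quick scan

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Windows\msoeacctwow.exe (Trojan.Tracur.S) -> 2444 -> Unloaded process successfully.

Memory Modules Infected:
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E7D21C-8607-4F1F-8579-47541BC72259} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv32 (Trojan.Tracur.S) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msoeacctwow.exe (Trojan.Tracur.S) -> Value: msoeacctwow.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\ProgramData\api-ms-win-core-interlocked-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\Windows\msoeacctwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<detection>) -> [detail -> ] <action>."
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Autostart locations seen in the posted log; the labels are this example's own.
PERSISTENCE = (
    ("\\currentversion\\run\\", "Run key"),
    ("\\windows\\appinit_dlls", "AppInit_DLLs"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\currentcontrolset\\services\\", "Service"),
)

def parse_mbam_log(text):
    """Return the declared per-section counts and every detection line."""
    declared, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({
                "section": section,
                "object": m["obj"],
                "detection": m["det"],
                # The action is always the last "->" field on the line.
                "action": m["rest"].split(" -> ")[-1].rstrip("."),
            })
    return {"declared": declared, "items": items}

def count_mismatches(report):
    """Sections where the summary count differs from the lines listed."""
    listed = Counter(i["section"] for i in report["items"])
    return {s: (n, listed[s]) for s, n in report["declared"].items() if n != listed[s]}

def pending_reboot(report):
    """Objects not yet removed: the cleanup is incomplete until a restart."""
    return sorted({i["object"] for i in report["items"]
                   if i["action"].lower() == "delete on reboot"})

def persistence_entries(report):
    """Registry detections labelled by the autostart location they sit in."""
    found = []
    for i in report["items"]:
        if i["section"].startswith("Registry"):
            key = i["object"].lower()
            for needle, label in PERSISTENCE:
                if needle in key:
                    found.append((label, i["object"]))
                    break
    return found

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print("Detections:", dict(Counter(i["detection"] for i in report["items"])))
    print("Count mismatches (declared, listed):", count_mismatches(report))
    print("Pending reboot:", pending_reboot(report))
    for label, key in persistence_entries(report):
        print(f"{label}: {key}")
```
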

Re: Getting redirected to Gomeo on Internet Searches

Post by Dakeyras » March 6th, 2011, 8:16 am

Hi. :)

The system seems to be MUCH faster and no more diverts!
Good.

This is a question to your comment about the HD......a friend set that up and I'm not sure what he did! How do I make that partition larger?
Actually the easier option would be to create some extra free space by either deleting anything not really needed and/or moving items you do require to, say, a form of removable storage media, for example.

Now it may be possible to make the partition larger via Disk Management but this can be problematic with Windows 7. There is a tutorial for such here by an MVP:-

How To Resize A Partition In Windows Vista & Windows 7, using Disk Management.

Though personally I advise you think about this before attempting such and do not do so during the course of the Malware Removal process. Overall you would probably be better off seeking advice about this matter in a specific IT Support forum (I can provide the links if you so wish), as primarily I provide Anti-Malware support only, as does this forum.

Next:

Please post the log from the OTL Custom Script, it can be located as follows:-

Start (Windows 7 Orb) >> Computer >> C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Re-scan with Malwarebytes Anti-Malware:

Judging by the amount of infections removed I deem it prudent to actually perform a full scan as a precaution.

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform full scan. <-- Select both your installed Hard-Drives C & D.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 6th, 2011, 10:55 am

It seems to be running well!

This is all that was there!

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5972

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/6/2011 3:49:19 PM
mbam-log-2011-03-06 (15-49-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 240761
Time elapsed: 2 hour(s), 20 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\5ccc04302de837ed587718f1ce31830a\b\bint1 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Users\waynehobbs\AppData\Local\virtualstore\programdata\5ccc04302de837ed587718f1ce31830a\b\bint1 (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Users\waynehobbs\downloads\backups\backup-20110305-092035-526.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\196.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\197.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am

Re: Getting redirected to Gomeo on Internet Searches

Post by Dakeyras » March 6th, 2011, 11:49 am

Hi. :)

It seems to be running well!
Good!

This is all that was there!
Hmmm strange, did you encounter any problems when running the custom script with OTL at all?

Anyway please post a new OTL log and we will go from there.

Right-click on OTL.exe and select Run as Administrator, then click on Run Scan. Post the new log that opens in your next reply, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Getting redirected to Gomeo on Internet Searches

Post by DivoMA » March 6th, 2011, 12:48 pm

OTL logfile created on: 3/6/2011 5:43:06 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\waynehobbs\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 463.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.54 Gb Total Space | 36.39 Gb Free Space | 66.71% Space Free | Partition Type: NTFS
Drive D: | 20.02 Gb Total Space | 1.02 Gb Free Space | 5.08% Space Free | Partition Type: NTFS

Computer Name: WAYNEHOBBS-PC | User Name: waynehobbs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\waynehobbs\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\waynehobbs\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\waynehobbs\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 09 D8 B2 D3 D5 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1C D2 E7 95 07 86 1F 4F 85 79 47 54 1B C7 22 59 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 18:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 18:28:16 | 000,000,000 | ---D | M]

[2011/03/03 09:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waynehobbs\AppData\Roaming\mozilla\Extensions
[2011/03/03 09:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waynehobbs\AppData\Roaming\mozilla\Firefox\Profiles\855fu4jg.default\extensions
[2011/03/03 09:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

O1 HOSTS File: ([2011/03/05 19:23:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/08 21:28:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Malwarebytes
[2011/03/05 19:33:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/05 19:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/05 19:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/05 19:33:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/05 19:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/05 19:23:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/05 19:21:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/05 19:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/05 19:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/05 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\Desktop\Malware Reports
[2011/03/05 08:17:26 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/03/04 09:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011/03/04 09:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2011/03/03 18:09:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\WinRAR
[2011/03/03 13:02:45 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
[2011/03/03 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Mozilla
[2011/03/03 09:21:37 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Mozilla
[2011/03/03 09:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/03 09:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/02 22:42:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\5CCC04302DE837ED587718F1CE31830A
[2011/03/01 22:10:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/03/01 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/03/01 14:03:22 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/03/01 14:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/03/01 14:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/03/01 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\DAEMON Tools Lite
[2011/03/01 14:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/02/28 17:34:36 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apple Computer
[2011/02/28 17:34:35 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Apple Computer
[2011/02/28 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/28 17:34:03 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/02/28 17:34:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/28 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/28 17:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/28 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/28 17:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/28 17:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/28 17:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/28 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apple
[2011/02/28 17:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/28 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/28 17:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/28 17:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/28 08:05:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Opera
[2011/02/28 08:05:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Opera
[2011/02/28 08:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/02/27 14:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/27 09:29:14 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/02/27 09:29:14 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/02/27 09:29:14 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/02/27 09:18:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/02/27 09:17:09 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/02/27 08:48:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/27 08:48:43 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/02/27 08:48:40 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/02/27 08:48:40 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/02/27 08:48:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/27 08:48:03 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/02/27 08:48:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/02/27 08:48:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/27 08:48:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/02/27 08:48:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/02/27 08:47:41 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/27 08:47:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/27 08:47:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/27 08:47:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/27 08:47:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/27 08:47:29 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/02/27 08:47:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/02/27 08:47:07 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/27 08:46:55 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/02/27 08:46:54 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/02/27 08:46:53 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/02/27 08:46:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/02/27 08:46:21 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/27 08:46:21 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/27 08:46:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/27 08:46:06 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/27 08:45:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/27 08:45:28 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/02/27 08:45:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/27 08:45:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/27 08:45:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/27 08:45:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/27 08:45:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/27 08:45:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/27 08:45:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/27 08:45:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/27 08:45:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/27 08:44:21 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/02/27 08:44:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/02/27 08:44:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/02/27 08:44:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/27 08:44:17 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/27 08:44:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/02/27 08:44:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/27 08:44:14 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/27 08:44:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/27 08:43:39 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/27 08:43:39 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/27 08:43:32 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/27 08:43:32 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/27 08:43:32 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/27 08:43:31 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/27 08:43:30 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/02/27 08:43:30 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/27 08:43:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/27 08:43:30 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/27 08:43:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/27 08:43:29 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/27 08:43:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/27 08:43:13 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/27 08:43:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/27 08:43:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/27 08:43:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/27 08:43:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/27 08:43:10 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/27 08:43:09 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/27 08:43:03 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/02/27 08:43:03 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/02/27 08:43:03 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/27 08:43:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/02/27 08:43:03 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/02/27 08:43:03 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/02/27 08:43:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/02/27 08:43:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/02/27 08:35:53 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/27 08:35:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/26 20:01:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Google
[2011/02/26 20:00:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Deployment
[2011/02/26 20:00:26 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Apps
[2011/02/26 19:21:15 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Creative
[2011/02/26 19:11:33 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Avira
[2011/02/26 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Diagnostics
[2011/02/26 18:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/26 18:40:05 | 000,045,568 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctppld.dll
[2011/02/26 18:39:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2011/02/26 18:39:36 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/26 18:39:35 | 001,527,808 | ---- | C] (Sensaura) -- C:\Windows\System32\Sens_oal.dll
[2011/02/26 18:39:35 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/26 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/26 18:18:22 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/02/26 18:18:22 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/02/26 18:18:22 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/26 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/26 18:15:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/02/26 18:07:02 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/26 17:57:12 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Macromedia
[2011/02/26 17:57:11 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Adobe
[2011/02/26 17:56:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/02/26 17:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/02/26 17:50:07 | 000,000,000 | ---D | C] -- C:\Intel
[2011/02/26 17:46:43 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2011/02/26 17:46:43 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2011/02/26 17:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2011/02/26 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2011/02/26 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2011/02/26 17:44:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2011/02/26 17:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/02/26 17:43:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/26 17:35:25 | 000,761,856 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/02/26 17:35:25 | 000,761,856 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/02/26 17:35:24 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/02/26 17:34:41 | 000,000,000 | ---D | C] -- C:\temp
[2011/02/26 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2011/02/26 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\MigWiz
[2011/02/26 15:11:46 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\ElevatedDiagnostics
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Searches
[2011/02/26 15:02:57 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/26 15:02:41 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Identities
[2011/02/26 15:02:35 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Contacts
[2011/02/26 15:02:24 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\VirtualStore
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Vorlagen
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Verlauf
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Temporary Internet Files
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Startmenü
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\SendTo
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Recent
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Netzwerkumgebung
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Lokale Einstellungen
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Videos
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Musik
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Eigene Dateien
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Documents\Eigene Bilder
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Druckumgebung
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Cookies
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\AppData\Local\Anwendungsdaten
[2011/02/26 15:02:21 | 000,000,000 | -HSD | C] -- C:\Users\waynehobbs\Anwendungsdaten
[2011/02/26 15:02:20 | 000,000,000 | --SD | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Videos
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Saved Games
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Pictures
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Music
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Links
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Favorites
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Downloads
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Documents
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\Desktop
[2011/02/26 15:02:20 | 000,000,000 | R--D | C] -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/26 15:02:20 | 000,000,000 | -H-D | C] -- C:\Users\waynehobbs\AppData
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Temp
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Local\Microsoft
[2011/02/26 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\waynehobbs\AppData\Roaming\Media Center Programs
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011/02/26 15:02:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011/02/26 14:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/26 14:41:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/02/26 14:39:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2011/03/06 17:36:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000UA.job
[2011/03/06 17:34:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/06 15:59:36 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 15:59:36 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/06 15:51:42 | 797,556,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 15:36:05 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000Core.job
[2011/03/05 19:41:54 | 000,001,185 | ---- | M] () -- C:\ProgramData\1953312557
[2011/03/05 19:33:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 19:26:26 | 000,000,144 | -HS- | M] () -- C:\ProgramData\1413940225
[2011/03/05 19:23:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/05 19:20:15 | 000,000,896 | ---- | M] () -- C:\Users\waynehobbs\Desktop\NTREGOPT.lnk
[2011/03/05 19:20:15 | 000,000,877 | ---- | M] () -- C:\Users\waynehobbs\Desktop\ERUNT.lnk
[2011/03/05 19:16:16 | 000,000,720 | ---- | M] () -- C:\Users\waynehobbs\Desktop\SystemLook - Verknüpfung.lnk
[2011/03/05 17:24:28 | 000,001,078 | ---- | M] () -- C:\Users\waynehobbs\Desktop\OTL - Verknüpfung.lnk
[2011/03/05 17:21:11 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\waynehobbs\Desktop\TDSSKiller.exe
[2011/03/05 08:03:23 | 000,000,046 | ---- | M] () -- C:\ProgramData\54975356
[2011/03/04 09:59:27 | 000,001,025 | ---- | M] () -- C:\Users\waynehobbs\Desktop\Free M4a to MP3 Converter.lnk
[2011/03/03 09:21:27 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/01 22:10:04 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/03/01 22:09:27 | 000,000,108 | ---- | M] () -- C:\Windows\System32\2126070566
[2011/03/01 14:05:48 | 000,648,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/03/01 14:05:48 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/01 14:05:48 | 000,128,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/03/01 14:05:48 | 000,105,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/01 14:03:22 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/03/01 14:02:58 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/02/28 17:34:10 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/28 17:30:26 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/27 10:53:44 | 000,198,358 | ---- | M] () -- C:\Users\waynehobbs\Documents\Rental Car Insurance.xps
[2011/02/27 09:40:34 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/26 18:42:05 | 131,662,318 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/26 18:39:53 | 000,000,230 | ---- | M] () -- C:\Windows\ctrunonce.reg
[2011/02/26 18:39:36 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/26 18:39:35 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/26 18:18:36 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/26 14:46:29 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2011/03/05 19:33:59 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/05 19:20:15 | 000,000,896 | ---- | C] () -- C:\Users\waynehobbs\Desktop\NTREGOPT.lnk
[2011/03/05 19:20:15 | 000,000,877 | ---- | C] () -- C:\Users\waynehobbs\Desktop\ERUNT.lnk
[2011/03/05 19:16:16 | 000,000,720 | ---- | C] () -- C:\Users\waynehobbs\Desktop\SystemLook - Verknüpfung.lnk
[2011/03/05 17:24:28 | 000,001,078 | ---- | C] () -- C:\Users\waynehobbs\Desktop\OTL - Verknüpfung.lnk
[2011/03/05 09:09:00 | 000,001,411 | ---- | C] () -- C:\Users\waynehobbs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/04 09:59:27 | 000,001,025 | ---- | C] () -- C:\Users\waynehobbs\Desktop\Free M4a to MP3 Converter.lnk
[2011/03/03 15:31:46 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000UA.job
[2011/03/03 15:31:44 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-454739822-356523886-588032832-1000Core.job
[2011/03/03 09:21:27 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/02 10:59:52 | 000,000,046 | ---- | C] () -- C:\ProgramData\54975356
[2011/03/01 22:11:39 | 000,001,185 | ---- | C] () -- C:\ProgramData\1953312557
[2011/03/01 22:10:04 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/03/01 22:10:04 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1413940225
[2011/03/01 22:09:18 | 000,000,108 | ---- | C] () -- C:\Windows\System32\2126070566
[2011/03/01 14:02:58 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/02/28 17:34:10 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/28 17:30:26 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/28 17:29:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/27 10:53:41 | 000,198,358 | ---- | C] () -- C:\Users\waynehobbs\Documents\Rental Car Insurance.xps
[2011/02/26 18:42:05 | 131,662,318 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/26 18:39:57 | 000,008,393 | ---- | C] () -- C:\Windows\System32\CTAPO32.cat
[2011/02/26 18:39:53 | 000,000,230 | ---- | C] () -- C:\Windows\ctrunonce.reg
[2011/02/26 18:39:50 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2011/02/26 18:39:49 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2011/02/26 18:39:48 | 002,167,684 | ---- | C] () -- C:\Windows\System32\CT2MGM.SF2
[2011/02/26 18:39:40 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2011/02/26 18:39:40 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2011/02/26 18:18:36 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/26 17:47:19 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2011/02/26 17:35:25 | 000,098,648 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/02/26 17:35:25 | 000,032,267 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/02/26 14:46:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/02/26 14:46:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/02/26 14:41:02 | 797,556,736 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 09:47:43 | 000,648,466 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 09:47:43 | 000,128,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/21 03:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008/11/13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2006/10/06 23:19:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4704.dll
[2005/03/08 06:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

< End of report >
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am

Re: Getting redirected to Gomeo on Internet Searches

Unread postby Dakeyras » March 6th, 2011, 4:50 pm

Hi. :)

You neglected to answer my query:-
did you encounter any problems when running the custom script with OTL at all?
Not a problem however and I have pinpointed the issue.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files
C:\ProgramData\1413940225
C:\ProgramData\1953312557
C:\ProgramData\54975356
C:\Windows\System32\2126070566

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Windows 7 Users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • ESET Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
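
The script in the post above removes four extensionless, all-digit files that the poster's OTL log lists under "Files Created - No Company Name". As an added example (not the helper's stated method and not OTL's own code), this script triages that log section with two assumed heuristics, applied only to files sitting directly in C:\ProgramData or C:\Windows\System32: an all-digit name with no extension, and hidden+system attributes. The sample lines are an excerpt of the log in this thread; the field layout in the regex is inferred from those lines.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the "Files Created - No Company Name" section posted in this thread.
SAMPLE_LOG = r"""
[2011/03/03 09:21:27 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/02 10:59:52 | 000,000,046 | ---- | C] () -- C:\ProgramData\54975356
[2011/03/01 22:11:39 | 000,001,185 | ---- | C] () -- C:\ProgramData\1953312557
[2011/03/01 22:10:04 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/03/01 22:10:04 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1413940225
[2011/03/01 22:09:18 | 000,000,108 | ---- | C] () -- C:\Windows\System32\2126070566
[2011/02/26 14:41:02 | 797,556,736 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
"""

# Layout inferred from the log: [timestamp | size | attrs | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| "
    r"(?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Assumption: locations where loose, vendor-less files deserve a second look.
WATCHED_DIRS = {r"c:\programdata", r"c:\windows\system32"}

def triage(log_text):
    """Return [(path, [reasons])] for entries matching the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["company"]:  # skip non-entries and files with a company string
            continue
        path = PureWindowsPath(m["path"])
        if str(path.parent).lower() not in WATCHED_DIRS:
            continue
        reasons = []
        if path.suffix == "" and path.name.isdigit():
            reasons.append("all-digit name, no extension")
        if "H" in m["attrs"] and "S" in m["attrs"]:
            reasons.append("hidden+system attributes")
        if reasons:
            findings.append((str(path), reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a prompt for manual review rather than a verdict: unrar.exe is flagged by the attribute rule although the script in the post does not list it.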

Re: Getting redirected to Gomeo on Internet Searches

Unread postby DivoMA » March 6th, 2011, 8:01 pm

Computer seems to be functioning well!

All processes killed
========== FILES ==========
C:\ProgramData\1413940225 moved successfully.
C:\ProgramData\1953312557 moved successfully.
C:\ProgramData\54975356 moved successfully.
C:\Windows\System32\2126070566 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: waynehobbs
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37517 bytes
->FireFox cache emptied: 88767731 bytes
->Opera cache emptied: 10196429 bytes
->Flash cache emptied: 611 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7435388 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 03062011_230058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


C:\ProgramData\SysWoW32\@u1582108171v1 a variant of Win32/Kryptik.LCS trojan
C:\ProgramData\SysWoW32\@u1582108171v2 a variant of Win32/Kryptik.LCS trojan
C:\ProgramData\SysWoW32\@u1582108171v3 a variant of Win32/Kryptik.LCS trojan
C:\Users\All Users\SysWoW32\@u1582108171v1 a variant of Win32/Kryptik.LCS trojan
C:\Users\All Users\SysWoW32\@u1582108171v2 a variant of Win32/Kryptik.LCS trojan
C:\Users\All Users\SysWoW32\@u1582108171v3 a variant of Win32/Kryptik.LCS trojan
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am

Re: Getting redirected to Gomeo on Internet Searches

Unread postby Dakeyras » March 7th, 2011, 6:36 am

Hi. :)

Computer seems to be functioning well!
Good!

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files
C:\ProgramData\SysWoW32\@u1582108171v1
C:\ProgramData\SysWoW32\@u1582108171v2
C:\ProgramData\SysWoW32\@u1582108171v3
C:\Users\All Users\SysWoW32\@u1582108171v1
C:\Users\All Users\SysWoW32\@u1582108171v2
C:\Users\All Users\SysWoW32\@u1582108171v3

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Update FireFox:

  • Launch the browser >> Help >> Check for Updates...
  • Click on the Update Firefox tab when prompted to upgrade to v3.6.15.
  • Restart Firefox when prompted.

Random Access Memory Advice:

1,014.00 Mb Total Physical Memory | 463.00 Mb Available Physical Memory | 46.00% Memory free
Though Microsoft claims the 32bit version of Windows 7 will run with a mere 1GB installed, in my humble opinion a minimum of at least 2GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Getting redirected to Gomeo on Internet Searches

Unread postby DivoMA » March 7th, 2011, 7:59 am

Computer is running very well! No redirects and seems to be faster!

All processes killed
========== FILES ==========
C:\ProgramData\SysWoW32\@u1582108171v1 moved successfully.
C:\ProgramData\SysWoW32\@u1582108171v2 moved successfully.
C:\ProgramData\SysWoW32\@u1582108171v3 moved successfully.
File\Folder C:\Users\All Users\SysWoW32\@u1582108171v1 not found.
File\Folder C:\Users\All Users\SysWoW32\@u1582108171v2 not found.
File\Folder C:\Users\All Users\SysWoW32\@u1582108171v3 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: waynehobbs
->Temp folder emptied: 17956 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->FireFox cache emptied: 65517101 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 611 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb



OTL by OldTimer - Version 3.2.22.2 log created on 03072011_125251

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
DivoMA
Active Member
 
Posts: 10
Joined: March 5th, 2011, 4:26 am