Google Hijacked

Post by Deucebot » March 25th, 2011, 5:32 pm

I am infected with some kind of google hijack that occasionally redirects me to flurrysearch, infomash, tazinga, etc. when I click on a search result. I have searched for a cure and have attempted various remedies based on what has worked for others but have struck out so far. I do not use P2P programs or any cracked software. Please help!

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Prestwood at 17:23:57.43 on Fri 03/25/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1132 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\PRESTW~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Prestwood\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.jasc.com/command.asp?app=dpa ... A01B1799D4
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/Photosynth.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2383646485
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\prestw~1\applic~1\mozilla\firefox\profiles\til7qpzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\prestwood\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\prestwood\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - Ext: Better Gmail 2: bettergmail2@ginatrapani.org - %profile%\extensions\bettergmail2@ginatrapani.org
FF - Ext: GMarks: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} - %profile%\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: XULRunner: {8171DA7A-4151-4329-A8B0-E0896E93B069} - c:\documents and settings\prestwood\local settings\application data\{8171DA7A-4151-4329-A8B0-E0896E93B069}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-10 299984]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-3-23 18816]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2006-7-8 2560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5cd.tmp --> c:\windows\system32\5CD.tmp [?]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon downloader\amazongsdownloaderservice.exe --> c:\program files\amazon\amazon downloader\AmazonGSDownloaderService.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-03-23 13:34:12 6329 --sha-w- c:\windows\system32\mmf.sys
2011-02-13 15:32:59 0 ----a-w- c:\windows\Kcenu.bin
2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:30:10.07 ===============


ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/8/2006 2:13:37 PM
System Uptime: 3/23/2011 6:25:43 PM (47 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 1.463 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1201: 1/13/2011 7:44:54 PM - System Checkpoint
RP1202: 1/15/2011 11:17:29 AM - System Checkpoint
RP1203: 1/16/2011 6:00:47 PM - System Checkpoint
RP1204: 1/18/2011 8:22:07 AM - System Checkpoint
RP1205: 1/19/2011 9:39:09 AM - System Checkpoint
RP1206: 1/20/2011 9:58:37 AM - System Checkpoint
RP1207: 1/21/2011 10:40:42 AM - System Checkpoint
RP1208: 1/22/2011 11:01:44 AM - System Checkpoint
RP1209: 1/23/2011 12:02:11 PM - System Checkpoint
RP1210: 1/24/2011 7:56:49 PM - System Checkpoint
RP1211: 1/25/2011 7:58:47 PM - System Checkpoint
RP1212: 1/26/2011 8:35:20 PM - System Checkpoint
RP1213: 1/27/2011 10:48:10 PM - System Checkpoint
RP1214: 1/29/2011 12:30:28 PM - System Checkpoint
RP1215: 1/30/2011 1:40:57 PM - System Checkpoint
RP1216: 2/1/2011 12:57:49 PM - System Checkpoint
RP1217: 2/2/2011 1:46:48 PM - System Checkpoint
RP1218: 2/3/2011 7:41:46 PM - System Checkpoint
RP1219: 2/4/2011 8:17:13 PM - System Checkpoint
RP1220: 2/5/2011 9:10:29 PM - System Checkpoint
RP1221: 2/6/2011 11:15:38 PM - System Checkpoint
RP1222: 2/7/2011 11:57:11 PM - System Checkpoint
RP1223: 2/9/2011 8:27:35 AM - Software Distribution Service 3.0
RP1224: 2/10/2011 9:48:31 AM - System Checkpoint
RP1225: 2/11/2011 11:02:46 PM - System Checkpoint
RP1226: 2/13/2011 1:35:29 AM - System Checkpoint
RP1227: 2/14/2011 9:26:10 AM - System Checkpoint
RP1228: 2/15/2011 11:21:53 PM - System Checkpoint
RP1229: 2/17/2011 9:49:40 PM - System Checkpoint
RP1230: 2/19/2011 11:56:54 AM - System Checkpoint
RP1231: 2/20/2011 12:32:16 PM - System Checkpoint
RP1232: 2/21/2011 12:55:15 PM - System Checkpoint
RP1233: 2/22/2011 7:25:54 PM - System Checkpoint
RP1234: 2/26/2011 11:35:06 PM - System Checkpoint
RP1235: 2/28/2011 12:24:07 AM - System Checkpoint
RP1236: 2/28/2011 1:02:35 PM - Software Distribution Service 3.0
RP1237: 3/1/2011 1:33:27 PM - System Checkpoint
RP1238: 3/3/2011 9:16:25 AM - System Checkpoint
RP1239: 3/4/2011 7:16:38 PM - Software Distribution Service 3.0
RP1240: 3/5/2011 10:19:01 AM - Software Distribution Service 3.0
RP1241: 3/6/2011 11:01:59 AM - System Checkpoint
RP1242: 3/8/2011 6:55:41 AM - System Checkpoint
RP1243: 3/8/2011 9:42:21 PM - Software Distribution Service 3.0
RP1244: 3/9/2011 10:54:09 PM - System Checkpoint
RP1245: 3/10/2011 11:20:15 PM - System Checkpoint
RP1246: 3/12/2011 12:20:37 PM - System Checkpoint
RP1247: 3/13/2011 8:38:15 PM - System Checkpoint
RP1248: 3/14/2011 8:46:06 PM - System Checkpoint
RP1249: 3/15/2011 8:31:24 PM - Removed Modem Helper
RP1250: 3/15/2011 8:32:03 PM - Removed NetWaiting
RP1251: 3/15/2011 10:06:01 PM - Removed Digital Content Portal
RP1252: 3/15/2011 10:06:54 PM - Removed HP Update
RP1253: 3/15/2011 10:08:21 PM - Removed Mobile Broadband Generic Drivers.
RP1254: 3/15/2011 10:41:44 PM - Installed TurboTax 2010 wrapper
RP1255: 3/17/2011 8:15:44 PM - System Checkpoint
RP1256: 3/18/2011 9:01:22 PM - System Checkpoint
RP1257: 3/19/2011 9:22:49 PM - System Checkpoint
RP1258: 3/20/2011 8:24:24 AM - Installed Java(TM) 6 Update 24
RP1259: 3/21/2011 9:27:35 AM - System Checkpoint
RP1260: 3/22/2011 10:43:36 AM - System Checkpoint
RP1261: 3/23/2011 10:49:31 AM - System Checkpoint
RP1262: 3/24/2011 9:02:50 AM - Software Distribution Service 3.0
RP1263: 3/24/2011 7:50:59 PM - Installed TurboTax 2010 wdciper
.
==== Installed Programs ======================
.
.
1600
1600_Help
1600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player
AiO_Scan
AiOSoftware
Amazon MP3 Downloader 1.0.9
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Management Programs
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell System Restore
Digital Line Detect
ELIcon
ESPN Java Check
Fax
GdiplusUpgrade
Google Chrome
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB895961-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Product Assistant
HP PSC & OfficeJet 4.7
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
LP_Flash
Malwarebytes' Anti-Malware
mCore
MCU
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.16)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mWMI
mXML
mZConfig
Netflix Movie Viewer
Picasa 3
ProductContext
QuickSet
QuickTime
Readme
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
Sophos Anti-Rootkit 1.5.4
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TurboTax 2010
TurboTax 2010 wdciper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wisdom-soft ScreenHunter 5.0 Free
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 8:29:10 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2011 8:26:18 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/20/2011 8:19:08 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/20/2011 8:19:04 AM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
3/20/2011 8:18:54 AM, error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
3/20/2011 11:05:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.
3/20/2011 11:05:18 AM, error: Service Control Manager [7000] - The Logitech Process Monitor service failed to start due to the following error: The system cannot find the file specified.
3/20/2011 11:05:18 AM, error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2011 11:58:49 PM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/18/2011 9:33:32 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/18/2011 6:36:15 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302A628D7. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
Deucebot
Active Member
 
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Post by askey127 » March 28th, 2011, 12:30 pm

Hi Deucebot,
You have a fairly severe emergency having to do with available space on your hard drive.
Windows needs 15% of the drive free to run properly.
You need to remove some files by burning them to CD/DVD, transferring to another storage device, and/or just deleting them.
If you have a large music, photo or video collection stored on there, consider trimming it down or storing some of the collection elsewhere.
We can take a few steps to improve things a bit:
-----------------------------------------------------------
Reduce Recycle Bin Size
Right Click the Recycle Bin and choose Properties
In the Global tab, move the slider to the left so it shows 2% Maximum Size of Recycle Bin, click Apply and OK.
-------------------------------------------------------
Set System Restore Disk Usage
Go to Start, Settings, Control Panel or Start Control Panel and double click on System
Click the System Restore tab. It will show a list of drives.
Highlight the C: drive and click the Settings button.
If the slider is set to higher than 4 percent, slide it to the left to approximately the 4% point.
Click OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

Java 2 Runtime Environment, SE v1.4.2_03
<== retaining this old one will get your computer infected
Java(TM) 6 Update 7

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
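
The OTL report askey127 asks for is a plain-text inventory, and a helper's first pass over it is mostly pattern matching. As an added example (not part of this thread, and not OTL's or its author's own code), the Python script below parses the line shapes OTL prints for processes, services, drivers, Run keys and Internet Settings and flags the entries a helper usually reads first: files with no publisher name, service and Run entries whose file is missing, and a configured proxy server. The sample lines embedded in it are constructed from the shapes and values that appear in the OTL log posted in this thread; the `review`/`info` labels and the regular expressions are my own, not an OTL feature.

```python
"""Triage helper for OTL-style log lines.

Added example (not part of this thread and not OTL's own code): it parses the
line shapes OTL prints for processes, services, drivers, Run keys and Internet
Settings, and lists the entries a helper usually reads first. A flagged line is
a read-first marker, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# PRC/SRV/DRV/MOD lines: KIND - [stamp] (Company) [state]? -- path [-- (Name)]?
STAMPED = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Service or driver whose binary is gone: SRV - File not found [state] -- -- (Name)
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)
# Autostart entries: O4 - HKLM..\Run: [Name] path (Company)   or   [Name] File not found
RUNKEY = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RUN_TARGET = re.compile(r"^(?P<path>.*) \((?P<company>[^)]*)\)$")
# Internet Settings proxy values: IE - HKCU\...\Internet Settings: "ProxyServer" = host:port
PROXY = re.compile(r'^IE - (?P<key>HK\w+\\.*Internet Settings): "(?P<value>Proxy\w+)" = (?P<data>.*)$')


@dataclass
class Finding:
    severity: str  # "review" (read this first) or "info" (leftover, usually harmless)
    reason: str
    line: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings for the given OTL log lines, in input order (proxy summary last)."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    proxy_line = ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = STAMPED.match(line)
        if m:
            # OTL prints "()" when the file carries no company/publisher name.
            if not m.group("company").strip():
                findings.append(Finding("review", f"{m.group('kind')} with no publisher name: {m.group('path')}", line))
            continue
        m = MISSING.match(line)
        if m:
            findings.append(Finding("info", f"{m.group('kind')} {m.group('name')} points at a missing file (orphaned entry)", line))
            continue
        m = RUNKEY.match(line)
        if m:
            rest = m.group("rest")
            if rest == "File not found":
                findings.append(Finding("info", f"Run entry [{m.group('name')}] points at a missing file", line))
            else:
                t = RUN_TARGET.match(rest)
                if t and not t.group("company").strip():
                    findings.append(Finding("review", f"Run entry [{m.group('name')}] with no publisher name: {t.group('path')}", line))
            continue
        m = PROXY.match(line)
        if m:
            proxy[m.group("value")] = m.group("data")
            if m.group("value") == "ProxyServer":
                proxy_line = line
    if "ProxyServer" in proxy:
        # A proxy that is configured but disabled is worth noting; an enabled one is worth checking.
        enabled = proxy.get("ProxyEnable") == "1"
        state = "enabled" if enabled else f"disabled (ProxyEnable = {proxy.get('ProxyEnable', 'missing')})"
        findings.append(Finding("review" if enabled else "info",
                                f"proxy server {proxy['ProxyServer']} configured, {state}", proxy_line))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: line shapes and values copied from the OTL log posted in this thread.
SAMPLE_LOG = [
    r"PRC - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe",
    r"SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)",
    r"SRV - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)",
    r"DRV - [2010/12/08 06:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [KernelFaultCheck] File not found",
    r"O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

A flagged line is something to read, not something to delete: Runservice.exe above has no company string but is registered as LicCtrlService, and a Run value pointing at a missing file is typically the leftover of an uninstalled program. The proxy check is there because a search redirect like the one described in the opening post can also come from a proxy the user never set; in this log a proxy server is configured but ProxyEnable is 0, so the script reports it as information rather than as a review item.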

Re: Google Hijacked

Unread postby Deucebot » March 29th, 2011, 6:54 am

Thank you!

Hard Drive space - I have increased my available space to nearly 4 GB and still have a way to go. I am culling some media and will move some things to an external drive over the next couple of days.

Extraneous Programs - Removed.

OTL Logs - Please see below.

OTL logfile created on: 3/28/2011 11:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Prestwood\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.06 Gb Total Space | 3.77 Gb Free Space | 4.33% Space Free | Partition Type: NTFS

Computer Name: WOO | User Name: Prestwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/28 23:21:29 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Prestwood\Local Settings\Temp\clclean.0001
PRC - [2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 18:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 18:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 06:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 06:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2006/06/30 05:35:27 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 10:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 10:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 10:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [Disabled | Stopped] -- -- (Amazon Download Agent)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 06:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2006/06/30 05:35:27 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 06:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 15:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 05:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 05:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 22:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 08:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 17:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/04 21:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/14 04:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 03:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 05:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/19 10:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFModNT.sys -- (PfModNT)
DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.8
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {8171DA7A-4151-4329-A8B0-E0896E93B069}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 20:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8171DA7A-4151-4329-A8B0-E0896E93B069}: C:\Documents and Settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069} [2011/02/01 15:48:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/13 08:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 15:37:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 19:51:30 | 000,000,000 | ---D | M]

[2010/02/27 21:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Extensions
[2008/06/17 23:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/27 21:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/03/20 11:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions
[2010/04/27 07:46:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/19 09:49:33 | 000,000,000 | ---D | M] ("BugMeNot") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/01/04 19:41:33 | 000,000,000 | ---D | M] ("GMarks") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2011/03/03 09:40:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/01 00:12:22 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\bettergmail2@ginatrapani.org
[2007/09/24 08:45:20 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\videodowloader@videodownloader.net
[2010/08/28 14:31:46 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\youtube2mp3@mondayx.de
[2011/03/28 23:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/24 19:51:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/13 08:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 08:13:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 23:11:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/07 10:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011/03/20 08:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/01 15:48:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\PRESTWOOD\LOCAL SETTINGS\APPLICATION DATA\{8171DA7A-4151-4329-A8B0-E0896E93B069}
[2010/12/27 20:48:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/03/13 08:09:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/24 19:51:23 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/24 19:51:23 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 20:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2007/04/30 16:29:22 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/01/07 18:29:18 | 001,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2011/03/24 19:51:29 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 15:57:00 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/20 12:33:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/03/05 11:25:26 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/05 11:25:26 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/05 11:25:26 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/05 11:25:27 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/05 11:25:27 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/05 11:25:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/05 11:25:27 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (Reg Error: Key error.)
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} http://media.labs.live.com/all/ps/_code_/Photosynth.cab (Photosynth Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2383646485 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Prestwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Prestwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{894aed31-d547-11df-ad4b-001422af128a}\Shell\AutoRun\command - "" = E:\Remind.exe
O33 - MountPoints2\{b2181b43-0c85-11e0-ad65-001422af128a}\Shell\AutoRun\command - "" = F:\PhotoViewerAP-V305.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/28 23:18:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
[2011/03/28 20:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\My Documents\TurboTax
[2011/03/23 09:32:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/03/23 08:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos Anti-Rootkit
[2011/03/23 08:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/03/20 08:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/20 08:25:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/20 08:25:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/20 08:25:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/20 08:25:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/15 22:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/03/15 22:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2011/03/15 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2011/03/15 20:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Application Data\AVG10
[2011/03/03 20:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/03 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/03 20:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/01 23:30:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Prestwood\IECompatCache
[2011/03/01 21:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/03/01 21:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Application Data\Malwarebytes
[2011/03/01 21:09:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/01 21:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 21:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/01 21:09:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/01 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/01 21:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Desktop\viruses
[2011/03/01 11:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Application Data\SUPERAntiSpyware.com
[2011/03/01 11:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/28 23:22:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 23:21:10 | 000,006,329 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/03/28 23:20:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 23:20:54 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
[2011/03/28 21:04:04 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/03/28 18:42:55 | 110,164,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/25 17:23:47 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Prestwood\Desktop\dds.scr
[2011/03/23 09:36:25 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/22 19:45:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/20 11:04:18 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/15 22:23:45 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 22:23:45 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 20:17:49 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/09 23:15:06 | 000,221,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/08 22:44:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 23:03:43 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/01 00:12:47 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 17:23:47 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Prestwood\Desktop\dds.scr
[2011/03/23 09:36:25 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/20 11:04:16 | 2137,456,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/15 22:44:32 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/03/01 23:43:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/02/01 15:48:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dxadiyi.dat
[2011/02/01 15:48:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kcenu.bin
[2010/09/05 10:43:26 | 006,165,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/07 22:02:07 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\qwavecache.dat
[2008/10/09 23:27:51 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\mebeam.exe
[2008/09/24 19:31:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/24 19:25:09 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/06 20:51:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/05/18 12:18:18 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/05/18 12:17:16 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/16 20:16:11 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2007/03/20 20:22:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/20 20:22:10 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/26 14:21:42 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/12/13 23:10:57 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\dvd.bmk
[2006/12/13 23:07:59 | 000,000,611 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/12 20:38:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/24 23:35:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 20:36:47 | 000,068,999 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2006/11/22 20:20:30 | 000,069,320 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/11/22 20:20:30 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/10/14 05:11:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/08/13 23:59:37 | 000,044,128 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/07/12 14:54:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\PFP120JPR.{PB
[2006/07/12 14:54:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\PFP120JCM.{PB
[2006/07/10 09:59:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/10 09:45:36 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/07/09 13:28:02 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/08 23:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/08 21:36:30 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/08 19:02:52 | 000,006,329 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2006/07/08 19:02:51 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2006/07/08 19:02:51 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2006/07/08 15:47:58 | 000,003,725 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/08 14:29:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6FDA061C06.sys
[2006/07/08 14:25:21 | 000,004,808 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/08 14:25:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\061C06DA6F.sys
[2006/07/08 14:24:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/08 14:13:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\fusioncache.dat
[2006/06/30 05:55:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/30 05:48:17 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/30 05:44:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/30 05:39:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/30 05:35:57 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/06/30 05:34:46 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/30 05:07:58 | 001,355,938 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/06/30 05:07:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/30 05:07:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/30 05:05:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2009/04/08 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/03/01 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/20 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/23 09:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/12/20 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/08 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/04/27 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/04/06 19:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/07/22 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/03/18 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/06 23:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 12:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/27 19:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\Amazon
[2011/03/15 20:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\AVG10
[2009/11/29 23:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\FileZilla
[2008/04/06 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\TaxCut
[2011/03/22 19:45:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >


--------------------------------------------------------------

OTL Extras logfile created on: 3/28/2011 11:55:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Prestwood\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.06 Gb Total Space | 3.77 Gb Free Space | 4.33% Space Free | Partition Type: NTFS

Computer Name: WOO | User Name: Prestwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\AVG Free\avginet.exe" = C:\Program Files\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\AVG Free\avgamsvr.exe" = C:\Program Files\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\AVG Free\avgcc.exe" = C:\Program Files\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\AVG\AVG 8\avgupd.exe" = C:\Program Files\AVG\AVG 8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe" = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe:*:Enabled:mlb-nexdef-autobahn
"C:\Documents and Settings\Prestwood\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Prestwood\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
"C:\Documents and Settings\Prestwood\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Prestwood\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\AVG\AVG 8\avgnsx.exe" = C:\Program Files\AVG\AVG 8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CBD6CD44-B27D-4649-B649-2A1E73177DF5}" = TurboTax 2010 wdciper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2010" = TurboTax 2010
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/26/2011 6:55:17 PM | Computer Name = WOO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/26/2011 6:55:17 PM | Computer Name = WOO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 3/26/2011 6:55:17 PM | Computer Name = WOO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 3/26/2011 10:33:37 PM | Computer Name = WOO | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 3/27/2011 9:12:55 AM | Computer Name = WOO | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 3/27/2011 1:09:19 PM | Computer Name = WOO | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 3/28/2011 6:39:25 PM | Computer Name = WOO | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 3/28/2011 10:37:25 PM | Computer Name = WOO | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 3/28/2011 11:42:11 PM | Computer Name = WOO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2011 11:43:44 PM | Computer Name = WOO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.22.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/25/2011 8:21:01 PM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/26/2011 2:54:44 PM | Computer Name = WOO | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 3/26/2011 2:54:44 PM | Computer Name = WOO | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/26/2011 6:25:10 PM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/26/2011 10:33:24 PM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/27/2011 1:59:19 AM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/27/2011 9:12:45 AM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/27/2011 1:09:08 PM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/28/2011 6:39:06 PM | Computer Name = WOO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.3 on
the Network Card with network address 001302A628D7.

Error - 3/28/2011 11:21:45 PM | Computer Name = WOO | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following
error: %%2


< End of report >
Deucebot
Active Member
 
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Unread postby askey127 » March 29th, 2011, 7:55 am

Deucebot,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :processes
    killallprocesses
    
    :Files
    C:\Documents and Settings\All Users\Application Data\Hitman Pro
    C:\Documents and Settings\Prestwood\Application Data\SUPERAntiSpyware.com
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\System32\drivers\hitmanpro35.sys
    C:\Documents and Settings\Prestwood\Application Data\SUPERAntiSpyware.com
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • List IP configuration
  • List Windows version, partitions, and memory size
Click GO and post the result (Result.txt).
---------------------------------------------------
So we will be looking for the following in your reply:
  • Quick Scan log from OTL
  • Results from MiniToolbox
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google Hijacked

Unread postby Deucebot » March 30th, 2011, 7:51 am

Thank you. Here are the files you requested:


OTL logfile created on: 3/29/2011 10:52:36 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Prestwood\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.06 Gb Total Space | 4.12 Gb Free Space | 4.73% Space Free | Partition Type: NTFS

Computer Name: WOO | User Name: Prestwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 22:41:16 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Prestwood\Local Settings\Temp\clclean.0001
PRC - [2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 18:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 18:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 06:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 06:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2006/06/30 05:35:27 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/05/01 10:28:26 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/01 10:28:06 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/05/01 10:26:14 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [Disabled | Stopped] -- -- (Amazon Download Agent)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 06:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/07/08 19:02:51 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2006/06/30 05:35:27 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/05/01 10:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/02 21:49:14 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 06:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 15:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 05:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 05:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 22:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006/05/01 10:52:02 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/27 08:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/09 21:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 17:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 17:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/11/22 09:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/09/15 17:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/04 21:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/14 04:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 03:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 05:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/25 18:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/10 19:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 19:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/19 10:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFModNT.sys -- (PfModNT)
DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=del ... channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.8
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {8171DA7A-4151-4329-A8B0-E0896E93B069}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 20:48:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8171DA7A-4151-4329-A8B0-E0896E93B069}: C:\Documents and Settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069} [2011/02/01 15:48:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 15:37:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 19:51:30 | 000,000,000 | ---D | M]

[2010/02/27 21:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Extensions
[2010/02/27 21:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2011/03/20 11:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions
[2010/04/27 07:46:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/10/19 09:49:33 | 000,000,000 | ---D | M] ("BugMeNot") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/01/04 19:41:33 | 000,000,000 | ---D | M] ("GMarks") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2011/03/03 09:40:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/01 00:12:22 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\bettergmail2@ginatrapani.org
[2007/09/24 08:45:20 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\videodowloader@videodownloader.net
[2010/08/28 14:31:46 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\extensions\youtube2mp3@mondayx.de
[2011/03/28 23:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/20 08:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/01 15:48:38 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\PRESTWOOD\LOCAL SETTINGS\APPLICATION DATA\{8171DA7A-4151-4329-A8B0-E0896E93B069}
[2010/12/27 20:48:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/03/13 08:09:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (Reg Error: Key error.)
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} http://media.labs.live.com/all/ps/_code_/Photosynth.cab (Photosynth Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2383646485 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Prestwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Prestwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell - "" = AutoRun
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{39f3eece-a657-11de-af71-001422af128a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{894aed31-d547-11df-ad4b-001422af128a}\Shell\AutoRun\command - "" = E:\Remind.exe
O33 - MountPoints2\{b2181b43-0c85-11e0-ad65-001422af128a}\Shell\AutoRun\command - "" = F:\PhotoViewerAP-V305.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 22:37:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/28 23:18:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
[2011/03/28 20:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\My Documents\TurboTax
[2011/03/23 09:32:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2011/03/23 08:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos Anti-Rootkit
[2011/03/23 08:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/03/20 08:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/15 22:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/03/15 22:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax
[2011/03/15 22:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2011/03/15 20:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Application Data\AVG10
[2011/03/03 20:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/03 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/03 20:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/01 23:30:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Prestwood\IECompatCache
[2011/03/01 21:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Application Data\Malwarebytes
[2011/03/01 21:09:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/01 21:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 21:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/01 21:09:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/01 21:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/01 21:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Prestwood\Desktop\viruses

========== Files - Modified Within 30 Days ==========

[2011/03/29 22:43:21 | 000,365,553 | ---- | M] () -- C:\Documents and Settings\Prestwood\Desktop\MiniToolBox.exe
[2011/03/29 22:41:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/29 22:40:40 | 000,006,329 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2011/03/29 22:40:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/29 22:40:23 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/29 22:34:58 | 110,353,329 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/28 23:18:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Prestwood\Desktop\OTL.exe
[2011/03/28 21:04:04 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/03/25 17:23:47 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Prestwood\Desktop\dds.scr
[2011/03/20 11:04:18 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/15 22:23:45 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 22:23:45 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/15 20:17:49 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/09 23:15:06 | 000,221,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/08 22:44:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/07 23:03:43 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/01 00:12:47 | 000,000,209 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/03/29 22:43:20 | 000,365,553 | ---- | C] () -- C:\Documents and Settings\Prestwood\Desktop\MiniToolBox.exe
[2011/03/25 17:23:47 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Prestwood\Desktop\dds.scr
[2011/03/20 11:04:16 | 2137,456,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/15 22:44:32 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/02/01 15:48:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dxadiyi.dat
[2011/02/01 15:48:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kcenu.bin
[2010/09/05 10:43:26 | 006,165,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/07 22:02:07 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\qwavecache.dat
[2008/10/09 23:27:51 | 000,310,272 | ---- | C] () -- C:\WINDOWS\System32\mebeam.exe
[2008/09/24 19:31:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/24 19:25:09 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/06 20:51:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/05/18 12:18:18 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/05/18 12:17:16 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/16 20:16:11 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2007/03/20 20:22:38 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/20 20:22:10 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/26 14:21:42 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/12/13 23:10:57 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\dvd.bmk
[2006/12/13 23:07:59 | 000,000,611 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/12 20:38:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/24 23:35:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 20:36:47 | 000,068,999 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2006/11/22 20:20:30 | 000,069,320 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/11/22 20:20:30 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/10/14 05:11:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/08/13 23:59:37 | 000,044,128 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/07/12 14:54:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\PFP120JPR.{PB
[2006/07/12 14:54:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Prestwood\Application Data\PFP120JCM.{PB
[2006/07/10 09:59:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/10 09:45:36 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2006/07/09 13:28:02 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/08 23:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/08 21:36:30 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/08 19:02:52 | 000,006,329 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2006/07/08 19:02:51 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2006/07/08 19:02:51 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2006/07/08 15:47:58 | 000,003,725 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/08 14:29:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6FDA061C06.sys
[2006/07/08 14:25:21 | 000,004,808 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/08 14:25:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\061C06DA6F.sys
[2006/07/08 14:24:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/08 14:13:51 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Prestwood\Local Settings\Application Data\fusioncache.dat
[2006/06/30 05:55:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/30 05:48:17 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/30 05:44:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/30 05:39:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/30 05:35:57 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/06/30 05:34:46 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/30 05:07:58 | 001,355,938 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/06/30 05:07:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/30 05:07:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/06/30 05:05:34 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2009/04/08 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/03/01 21:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/20 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/20 12:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/08 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/04/27 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/04/06 19:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/07/22 23:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/03/18 21:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/06 23:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 12:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/27 19:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\Amazon
[2011/03/15 20:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\AVG10
[2009/11/29 23:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\FileZilla
[2008/04/06 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Prestwood\Application Data\TaxCut

========== Purity Check ==========



< End of report >

-----------------------------------------------------------------
-----------------------------------------------------------------

MiniToolBox by Farbar
Ran by Prestwood at 2011-03-30 07:48:27
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


================= Flush DNS: ==============================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


================= End of Flush DNS ========================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Woo
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.dc.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-14-22-AF-12-8A

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.dc.comcast.net.
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-A6-28-D7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 68.87.73.246
                                    68.87.71.230
Lease Obtained. . . . . . . . . . : Wednesday, March 30, 2011 7:43:09 AM
Lease Expires . . . . . . . . . . : Wednesday, March 30, 2011 8:43:09 AM

Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: google.com
Addresses: 72.14.204.104, 72.14.204.103, 72.14.204.99, 72.14.204.147

Pinging google.com [72.14.204.99] with 32 bytes of data:

Reply from 72.14.204.99: bytes=32 time=31ms TTL=50
Reply from 72.14.204.99: bytes=32 time=21ms TTL=50

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 31ms, Average = 26ms

Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
           209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=72ms TTL=51
Reply from 209.191.122.70: bytes=32 time=74ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 74ms, Average = 73ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 22 af 12 8a ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 13 02 a6 28 d7 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.3 192.168.0.3 20
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 25
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 25
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 25
255.255.255.255 255.255.255.255 192.168.0.3 2 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Memory info: ====================================

Percentage of memory in use: 36%
Total physical RAM: 2038.37 MB
Available physical RAM: 1300.01 MB
Total Pagefile: 3931.17 MB
Available Pagefile: 3365.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.08 MB

======================= Partitions: =======================================

1 Drive c: (Charlie) (Fixed) (Total:87.06 GB) (Free:4.08 GB) NTFS
Deucebot
Active Member
 
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Unread postby askey127 » March 31st, 2011, 7:48 am

Deucebot,
Please Do each step before proceeding to the next.
I would print this out first, to be sure you are doing everything in the correct sequence. Don't Guess.

We are going to remove your AVG 2011 antivirus and replace it with an antivirus called Avira Antivir.
This will also remove the "Linkscanner" toolbar, which is related to ask.com
This is necessary for our tools to work correctly.

Then we will have Antivir run a scan and give us a report.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove AVG Antivirus Using the Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, choose Uninstall/Change, and give permission to Continue:

AVG 2011

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google Hijacked

Unread postby Deucebot » March 31st, 2011, 6:29 pm

Each step completed in order as you have requested. Here is the log from Avira:



Avira AntiVir Personal
Report file date: Thursday, March 31, 2011 08:22

Scanning for 2550634 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : WOO

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 18:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 18:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 18:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 18:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 18:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 18:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 18:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 18:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 18:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 18:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 18:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 18:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 18:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 18:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 22:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 20:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 22:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 20:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:19:18
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 12:19:19
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 12:19:21
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 12:19:22
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 12:19:27
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 12:19:29
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 12:19:33
VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 12:19:36
VBASE029.VDF : 7.11.5.123 2048 Bytes 3/30/2011 12:19:36
VBASE030.VDF : 7.11.5.124 2048 Bytes 3/30/2011 12:19:36
VBASE031.VDF : 7.11.5.146 85504 Bytes 3/31/2011 12:19:38
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/31/2011 12:20:12
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 3/31/2011 12:20:06
AEPACK.DLL : 8.2.4.13 524662 Bytes 3/31/2011 12:20:02
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 3/31/2011 12:19:59
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 3/31/2011 12:19:57
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/31/2011 12:19:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 18:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,

Start of the scan: Thursday, March 31, 2011 08:22

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\15
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4\15
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB\15
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C\15
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE\15
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\2
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\4
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\7
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\8
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\9
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\18
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\10
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\11
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\12
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\13
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\14
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\24
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\26
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\19
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\22
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379\15
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'logon.scr' - '16' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '56' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '68' Module(s) have been scanned
Scan process 'ifrmewrk.exe' - '82' Module(s) have been scanned
Scan process 'clclean.0001' - '13' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '56' Module(s) have been scanned
Scan process 'Rundll32.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '118' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '41' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'McrdSvc.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '24' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '17' Module(s) have been scanned
Scan process 'NICCONFIGSVC.exe' - '40' Module(s) have been scanned
Scan process 'runservice.exe' - '11' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '60' Module(s) have been scanned
Scan process 'ehSched.exe' - '18' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '42' Module(s) have been scanned
Scan process 'CreativeLicensing.exe' - '9' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'spoolsv.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'WLKeeper.exe' - '54' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '43' Module(s) have been scanned
Scan process 'EvtEng.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '159' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'winlogon.exe' - '81' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1792' files ).


Starting the file scan:

Begin scan in 'C:\' <Charlie>


End of the scan: Thursday, March 31, 2011 09:55
Used time: 1:33:43 Hour(s)

The scan has been done completely.

15761 Scanned directories
317715 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
317715 Files not concerned
3686 Archives were scanned
0 Warnings
0 Notes
476541 Objects were scanned with rootkit scan
132 Hidden objects were found
Deucebot
Active Member
 
Posts: 8
Joined: March 25th, 2011, 5:17 pm
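The Avira report above is long because the rootkit search prints every hidden object on its own line (132 of them here, all under one LicCtrl licensing key) followed by a "[NOTE]" line, and the useful numbers sit in the counter block at the end. The following parser is an added example, not part of this thread and not Avira's own tooling: it pulls the hidden-object section out of a report, collapses the paths to their first three registry components so a triager sees which keys are involved at a glance, reads the end-of-scan counters, and checks that the number of hidden objects it parsed matches the number the report claims (a mismatch usually means the pasted log was truncated). The sample report is constructed in the layout of the report above using three of its entries, with the counter adjusted to match.

```python
"""Summarise an Avira AntiVir scan report for malware-removal triage.

Added example; the report text below is constructed from three entries of the
report posted in this thread, with the hidden-object counter set to match.
"""
import re
from collections import Counter

# Constructed sample in the Avira report layout (one hidden object per line,
# each followed by a "[NOTE]" line; the section ends at the first blank line).
SAMPLE_REPORT = r"""Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2\1
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\LicCtrl\LicCtrl\LicCtrl\LicCtrl\F3F0046F119EFA4F\1
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'smss.exe' - '2' Module(s) have been scanned

End of the scan: Thursday, March 31, 2011 09:55
Used time: 1:33:43 Hour(s)

The scan has been done completely.

15761 Scanned directories
317715 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
476541 Objects were scanned with rootkit scan
3 Hidden objects were found
"""

HIDDEN_START = "Starting search for hidden objects."
SCAN_DONE = "The scan has been done completely."
NOTE_PREFIX = "[NOTE]"
COUNTER_RE = re.compile(r"^(\d+) (.+)$")   # "<count> <description>"


def parse_hidden_objects(report):
    """Return the object paths the rootkit search flagged as hidden."""
    lines = [ln.strip() for ln in report.splitlines()]
    hidden = []
    if HIDDEN_START not in lines:
        return hidden
    i = lines.index(HIDDEN_START) + 1
    while i < len(lines) and lines[i]:
        # An object line is one that is immediately followed by a [NOTE] line.
        if not lines[i].startswith(NOTE_PREFIX):
            if i + 1 < len(lines) and lines[i + 1].startswith(NOTE_PREFIX):
                hidden.append(lines[i])
        i += 1
    return hidden


def group_hidden_by_prefix(hidden, depth=3):
    """Count hidden objects by their first `depth` path components."""
    counts = Counter("\\".join(path.split("\\")[:depth]) for path in hidden)
    return dict(counts)


def parse_summary(report):
    """Read the '<count> <description>' counters that follow the scan-done line."""
    summary = {}
    seen_end = False
    for line in (ln.strip() for ln in report.splitlines()):
        if line == SCAN_DONE:
            seen_end = True
            continue
        if seen_end:
            m = COUNTER_RE.match(line)
            if m:
                summary[m.group(2)] = int(m.group(1))
    return summary


def triage(report):
    """Combine the pieces into the few numbers a helper actually looks at."""
    hidden = parse_hidden_objects(report)
    summary = parse_summary(report)
    reported = summary.get("Hidden objects were found", 0)
    return {
        "hidden_parsed": len(hidden),
        "hidden_reported": reported,
        "complete": len(hidden) == reported,   # False usually means a truncated paste
        "by_prefix": group_hidden_by_prefix(hidden),
        "detections": summary.get("Viruses and/or unwanted programs were found", 0),
        "files_scanned": summary.get("Files were scanned", 0),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it against a full report pasted into a file by reading the file's contents in place of SAMPLE_REPORT; on the report above, `by_prefix` would show a single `HKEY_LOCAL_MACHINE\Software\LicCtrl` bucket of 132, which tells a reader that the hidden objects all belong to one software-licensing component rather than to 132 separate findings.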

Re: Google Hijacked

Unread postby askey127 » April 1st, 2011, 7:17 am

Deucebot,
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on a red background.
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background.
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then re-enable your Antivir protection software.
A copy of the log will be located here if you need it: C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google Hijacked

Unread postby Deucebot » April 1st, 2011, 10:03 am

Done, exactly as requested. Thank you.

ComboFix 11-03-31.04 - Prestwood 04/01/2011 9:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1337 [GMT -4:00]
Running from: c:\documents and settings\Prestwood\Desktop\zzz.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\PRESTW~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\chrome.manifest
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\chrome\content\_cfg.js
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\chrome\content\overlay.xul
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\install.rdf
c:\documents and settings\Prestwood\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\system32\Data
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-03-31 12:21 . 2011-03-31 12:21 -------- d-----w- c:\documents and settings\Prestwood\Application Data\Avira
2011-03-31 12:17 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-31 12:17 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-31 12:17 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-31 12:17 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-31 12:17 . 2011-03-31 12:17 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-31 12:17 . 2011-03-31 12:17 -------- d-----w- c:\program files\Avira
2011-03-30 02:37 . 2011-03-30 02:37 -------- dc----w- C:\_OTL
2011-03-23 13:32 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-23 12:08 . 2011-03-23 12:08 -------- d-----w- c:\program files\Sophos
2011-03-20 12:25 . 2011-02-03 01:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-20 12:25 . 2011-02-03 01:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-16 02:32 . 2011-03-16 02:32 -------- d-----w- c:\program files\TurboTax
2011-03-16 00:44 . 2011-03-16 00:44 -------- d-----w- c:\documents and settings\Prestwood\Application Data\AVG10
2011-03-04 00:04 . 2011-03-04 00:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-04 00:04 . 2011-03-04 00:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 00:45 . 2011-02-23 00:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-04 22:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 23:19 . 2008-07-12 00:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 09:37 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 09:18 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 -c--a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2006-05-03 07:12 98304 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-16 02:19 133104 ----atw- c:\documents and settings\Prestwood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googleTalk MeBeam plugin]
2008-10-10 03:27 310272 ----a-w- c:\windows\system32\mebeam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-13 07:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 16:48 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [3/23/2011 9:32 AM 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/31/2011 8:17 AM 135336]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/8/2006 7:02 PM 2560]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5CD.tmp --> c:\windows\system32\5CD.tmp [?]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Downloader\AmazonGSDownloaderService.exe --> c:\program files\Amazon\Amazon Downloader\AmazonGSDownloaderService.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SWPRV
*NewlyCreated* - VSS
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.jasc.com/command.asp?app=dpa ... A01B1799D4
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/Photosynth.cab
FF - ProfilePath - c:\documents and settings\Prestwood\Application Data\Mozilla\Firefox\Profiles\til7qpzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - Ext: Better Gmail 2: bettergmail2@ginatrapani.org - %profile%\extensions\bettergmail2@ginatrapani.org
FF - Ext: GMarks: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83} - %profile%\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Rnubevuqanalepe - c:\windows\eloqububukuk.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 09:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5CD.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,ba,e9,e0,76,1f,5b,ab,
75
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,f2,c9,99,66,1f,10,89,7d,ec,36,ce,6f,e7,65,ad,a4
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:43,ca,98,e1,47,1d,ba,52
"3"=hex:5f,67,97,39,f0,60,10,7b,f4,5b,42,71,3b,17,85,c3,96,20,76,88,e8,9b,07,
b0,11,fa,cb,b4,50,10,9d,5e,1e,35,94,f8,a5,ed,b9,f3,68,c6,3f,18,71,ac,e3,1d,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,8f,11,0c,96,c4,fa,d8,91,78,cf,14,bd,b3,8a,5a,1f,2a,d4,09,88,08,ef,5f,da,\
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,37,65,4a,44,d9,25,9a,
0e,14,60,9e,6e,00,f1,a7,11,f3,73,af,4f,58,82,af,f9,39,1f,10,58,36,b8,5d,ed
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:58,6a,95,9c,6f,ba,7f,7f,f2,b9,71,63,61,92,4f,77,40,8b,28,c9,5a,34,99,
d0,eb,2c,e1,e4,82,01,92,d4,5f,d0,8e,61,d0,2f,88,7a,29,e8,b9,b0,34,57,21,7b,\
"13"=hex:77,fd,8d,c9,80,52,ab,ee,8b,24,5d,86,63,6c,d8,8a,a1,d3,f5,10,13,91,fc,
78
"14"=hex:56,9f,0c,87,43,ea,8d,f7,6c,01,ea,a3,05,cf,93,b7
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:74,74,eb,9d,74,b4,6d,d8,db,4c,ff,5e,72,e9,95,a9
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:f4,0e,68,a8,94,81,33,f2,35,a2,be,95,17,3b,8c,7a,d8,c8,3b,43,a6,d9,12,
8a,7b,d0,77,0d,be,f8,5f,c1,8b,a5,c8,14,59,85,0c,01,0d,eb,2a,fd,33,8e,30,57,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,0d,ef,4b,fc,af,c2,2e,ad
"2"=hex:04,29,6a,69,56,d3,ea,41,db,c1,1a,08,f4,34,4d,ff
"3"=hex:d1,25,ee,6b,59,ad,88,a9,2c,aa,9b,0c,10,25,7d,ad,72,7b,1e,a9,98,7f,af,
cd,53,f5,91,67,c1,86,ef,c7,fe,5f,ee,c2,a2,a3,91,44,a7,81,5b,93,21,f2,47,13,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,46,88,2f,82,3b,10,0c,a3,a4,3a,ce,d2,dd,53,e9,b9,5d,82,c8,41,fe,ea,62,93,\
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,49,3e,e5,49,ef,df,ad,a2
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,37,65,4a,44,d9,25,9a,
0e,ba,16,0c,6d,37,58,ac,82,6b,bd,04,83,ee,d3,6b,c3,e3,c8,59,ed,05,08,43,f2
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:db,8a,43,47,3b,7b,23,33
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:32,ac,75,0b,cb,53,f2,a5,e6,69,5a,61,d8,20,47,3a,48,70,d8,c5,65,a8,de,
f1,ab,32,37,79,27,7d,9a,d0,fb,de,db,40,80,9f,15,a3,fc,20,70,dd,71,8f,43,cd,\
"13"=hex:e3,5f,56,5d,cf,a3,55,ca,34,7d,ba,29,32,f4,f3,39,5f,4d,10,77,72,7f,9c,
cf
"14"=hex:bd,67,9b,ef,47,fb,15,8c,ba,a8,71,3f,47,d1,f1,06
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:fe,30,b2,35,02,b9,4f,b7,08,f6,96,f7,39,24,e5,3b
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:ab,5d,ce,aa,88,2d,97,7a,3e,11,3e,9b,42,88,61,3a,a0,69,49,3c,13,71,90,
d0,25,65,99,ca,c2,61,cb,c4,d5,09,96,00,54,05,d8,41,4b,30,51,70,36,aa,a8,b0,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,44,f7,88,8f,b5,4c,1b,f9,3e,da,c2,d2,eb,69,77,32,91,02,8c,84,09,5e,d2,d3
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3323E31CCF524E1933A08EFC0405BBBB]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,ce,d6,da,a0,ab,80,e1,24
"2"=hex:70,52,20,b5,8f,72,73,3d
"3"=hex:9b,b6,16,4f,52,1d,ff,6a,61,44,84,03,ef,8e,de,4e,33,5a,35,97,1d,e0,5c,
22,06,46,5a,77,55,29,fa,86,d0,94,52,8b,68,5d,20,89,26,6c,3d,5f,a5,b8,cd,6c,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,6a,83,7f,d6,71,af,86,e0,98,8d,dd,2e,7a,95,cd,1a,9e,2d,5f,ec,63,7f,c9,e5,\
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,29,7c,70,46,35,dc,d7,79
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,af,44,49,90,ea,52,70,
0f,e4,59,96,68,11,d5,9f,b6,ed,f7,a1,74,f3,6a,8e,dd
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:4b,e7,5b,74,b5,c2,5a,ce,61,d6,7f,2d,f4,5a,a0,aa,d1,9b,26,d2,e7,04,c6,
62,8a,82,e8,1a,02,5b,69,73,41,d4,4a,b7,fd,18,06,88,7d,31,e3,b0,fd,8a,f2,fb,\
"13"=hex:41,14,88,85,af,e3,bc,91,27,0a,98,3f,d4,32,b5,53,85,18,f5,48,32,59,53,
5c
"14"=hex:4e,63,05,ff,92,a2,5b,c8
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:b2,82,72,15,07,b4,61,e4,12,9e,50,25,cc,48,0e,4d
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:8b,11,ff,fd,55,7e,14,f7,12,6d,b8,9f,8b,0c,22,cc,58,c5,d7,14,0e,18,22,
4c,d6,57,11,d0,f1,18,b3,7e,32,7b,1f,a4,9e,87,c7,e7,a7,d0,7d,8f,02,c0,fd,f0,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\37539B6D352ECF5C006214859EC1AF0C]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,c8,c9,f6,99,f8,a7,b9,da
"2"=hex:76,4e,1c,cc,2e,81,b8,f3
"3"=hex:5c,5d,15,2b,f3,17,9b,23,95,f9,67,dd,3c,7e,49,14,16,a8,34,d2,af,65,9a,
44,79,fd,83,5b,cc,17,1e,2c,6b,c9,31,93,12,b1,1e,e8,de,d9,87,5c,59,a3,54,a3,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,13,d6,a9,04,9e,fe,4b,b3,10,e4,eb,ef,c4,3c,01,7c,da,ad,aa,35,c5,9e,af,7d,\
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,f5,de,1e,04,6d,6b,1c,69
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,e5,12,03,e0,64,22,08,
e9,bd,35,f6,2e,a2,a5,37,aa,32,d1,9a,c8,ec,ce,08,79
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:d0,c3,61,d6,3a,5b,42,4e,20,be,53,98,66,c7,02,04,a4,41,3a,8f,ad,65,e3,
16,6d,f0,42,e3,25,1c,ba,25,7c,ee,a1,6c,a9,10,73,06,b4,5e,3e,58,d6,03,23,d5,\
"13"=hex:af,4d,d9,59,90,40,39,f9,81,a5,3b,cb,67,11,db,61,d7,13,d1,cb,a1,cc,7f,
a2
"14"=hex:6c,3a,76,3b,92,16,dd,60
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:12,d4,74,57,d2,07,fa,a8,f1,d5,92,29,2f,e0,f5,4e
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:70,c7,74,87,fb,ea,a4,c4,dd,50,15,5c,03,3d,17,13,8a,0a,b1,50,98,46,f4,
7e,75,56,5b,bf,11,4c,d8,58,fb,b6,f6,c1,81,ba,4c,0d,04,e1,be,93,18,0b,f7,bc,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\A28FC91DA48F2E633FEBC5F75796F7EE]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,50,94,16,01,b2,17,1a,42
"2"=hex:af,de,e1,d4,71,84,6f,cd
"3"=hex:80,64,d4,ba,b0,f8,af,64,5c,81,03,9d,4b,e3,26,ee,28,6d,72,fc,bf,ab,c5,
15,fd,1a,25,ad,90,20,cf,d0,77,2a,cb,87,57,10,93,55,82,65,34,5f,54,1c,51,ec,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,c2,7a,22,37,ea,ed,a9,12,3e,e1,c8,dc,28,3e,46,e1,6b,10,d1,0d,d2,c1,3b,7d,\
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,fc,f4,86,ed,7d,07,89,29,2f,7f,fa,55,aa,50,20,7e,7c,e5,f7,a8,05,d7,35,13,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,cd,29,80,6f,80,d8,58,
83,52,b9,cd,f5,cb,e6,e8,61,97,9f,54,28,d1,21,c5,c5
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:85,ab,f3,6f,d8,bd,cf,3f,fe,8b,f8,9c,f6,d4,b1,ce,b2,ce,90,73,9a,a1,9f,
c3,de,2f,07,6d,0e,f6,31,e0,fc,5d,c0,5d,22,94,9f,5c,b8,af,e6,83,d8,1b,0d,7d,\
"13"=hex:a7,37,36,ec,52,4d,53,19,b7,2c,cd,53,3d,3d,04,ef,95,19,b6,61,3d,b7,6a,
2f
"14"=hex:3b,71,c6,44,4a,52,dd,47
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:74,74,eb,9d,74,b4,6d,d8,db,4c,ff,5e,72,e9,95,a9
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:1c,62,d6,24,ba,bb,e0,98,13,e7,23,5f,2d,08,40,c1,52,b6,67,cc,87,2c,87,
d6,3c,bf,65,b4,d7,88,50,09,85,c6,b4,aa,30,b7,59,09,dc,ce,4b,9a,8b,2e,5b,e8,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D580A8CFDA60E9362F91B6F863D46379]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,50,94,16,01,b2,17,1a,42
"2"=hex:11,b7,bf,c5,fa,e2,5a,47
"3"=hex:a3,c8,97,03,23,19,4b,61,b5,7c,43,69,e0,12,fa,fb,84,73,7b,33,f3,33,72,
bd,63,f5,1b,75,a8,8b,8f,22,59,39,9e,a3,c9,46,15,68,87,93,de,57,ef,fc,63,d4,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,30,ee,8f,52,62,66,50,ce,77,e9,c4,12,3a,ea,b5,46,6c,fa,23,06,2c,2a,16,61,\
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,04,de,29,1c,d1,59,b3,b5,1c,3a,e8,07,ed,d8,08,6e,a7,52,c4,be,fd,58,1e,61,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,9b,22,26,63,db,74,18,
72,e2,75,ac,51,65,5d,9c,6c,81,fb,58,fc,b8,70,b4,8c
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:53,e8,8c,23,93,07,6a,57,07,94,87,ad,f3,ab,52,72,ec,34,54,5e,70,66,bf,
6a,e6,7b,b0,d8,60,fc,3a,a9,eb,5d,4d,be,e8,c7,5f,38,9a,5c,a1,4e,06,69,b6,dd,\
"13"=hex:e4,96,e8,37,88,dc,81,28,4a,99,ce,b5,7b,6e,52,5e,64,23,3e,2c,0f,bc,2c,
33
"14"=hex:6b,51,bd,2b,8f,5b,c4,81
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:62,99,33,ae,91,3c,76,00,fa,71,c4,d2,8d,4b,b3,ed
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:3c,29,c0,dd,ca,99,59,b7,6e,cf,a7,00,db,94,28,2f,64,9b,62,f9,ef,8f,00,
75,0a,01,58,a0,79,48,e0,25,dc,91,02,5e,18,75,25,30,c3,62,7a,f2,7e,03,7f,91,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-04-01 09:43:33
ComboFix-quarantined-files.txt 2011-04-01 13:43
.
Pre-Run: 4,435,910,656 bytes free
Post-Run: 4,397,228,032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 05382A807BA9F814BF3C1EDB38225191
Deucebot
Active Member
Posts: 8
Joined: March 25th, 2011, 5:17 pm
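The thread never says what produced the redirects, but the log above contains the two patterns an analyst would look at first: a Firefox add-on skeleton (chrome.manifest, install.rdf, overlay.xul) under a GUID-named folder in Local Settings\Application Data, outside both the Firefox profile and the Firefox install directory, and an orphaned startup entry pointing at a randomly named DLL in c:\windows. The script below is an added example, not code from ComboFix or from this forum: it runs a few triage heuristics over ComboFix-style log text and reports which lines match and why. The heuristics (the consonant/vowel alternation test for generated names, the "add-on files outside expected directories" rule, surfacing any configured proxy, and flagging services whose image is a .tmp file) are the editor's assumptions and produce false positives; the MEMSWEEP2 hit, for instance, sits beside a Sophos driver that the log shows arriving the same week, so it is something to check, not something to delete. The sample log is a constructed excerpt modelled on the one posted above, with benign lines kept in so the rules can be seen not firing on them.

```python
"""Triage heuristics for ComboFix-style log text.

Added example for this thread; not ComboFix code and not the forum's own
procedure.  It does not identify a malware family, it only surfaces log lines
worth a second look, with the reason for each.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule detail line")

VOWELS = set("aeiou")

# A Windows path inside a ComboFix line: drive letter, ':\', then text up to a
# terminator ComboFix puts after paths (' [size]', ' --> ', a quote, ';') or
# end of line.  Paths contain spaces, so a plain \S+ would truncate them.
PATH_RE = re.compile(r'[a-z]:\\.*?(?=\s+\[|\s+-->|"|;|$)', re.IGNORECASE)

# Service/driver lines look like:  S3 NAME;Display name;image path [...]
SERVICE_RE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);[^;]*;(?P<path>\S+)")

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")

# Files that make up a legacy (XUL-era) Firefox add-on.
FF_SKELETON = ("chrome.manifest", "install.rdf", "overlay.xul")
# Where such files are expected: a Firefox profile or the install directory.
FF_EXPECTED_DIRS = ("\\mozilla\\firefox\\profiles\\", "\\program files\\mozilla firefox\\")


def looks_random(filename):
    """Assumed shape of generated names such as 'eloqububukuk.dll': a long,
    letters-only stem whose letters strictly alternate consonant/vowel.
    A triage hint only; legitimate names can match."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 10 or not stem.isalpha():
        return False
    return all((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:]))


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(log_text):
    """Return a list of Finding(rule, detail, line) for every heuristic hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        for path in PATH_RE.findall(line):
            name = basename(path).lower()
            # 1. Add-on skeleton files outside the profile / install dir.
            if name in FF_SKELETON and not any(d in path.lower() for d in FF_EXPECTED_DIRS):
                findings.append(Finding("ff_sideload", path, line))
            # 2. Generated-looking file names anywhere in the log.
            if looks_random(name):
                findings.append(Finding("random_name", path, line))

        # 3. Any proxy configured in Internet Settings (review, not verdict).
        m = PROXY_RE.search(line)
        if m:
            findings.append(Finding("proxy", m.group("proxy"), line))

        # 4. Services or drivers whose image is a .tmp file.
        m = SERVICE_RE.match(line)
        if m and m.group("path").lower().endswith(".tmp"):
            findings.append(Finding("tmp_service", m.group("name"), line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'ff_sideload': 3, 'proxy': 1}."""
    return dict(Counter(f.rule for f in findings))


# Constructed excerpt modelled on the ComboFix log posted in this thread;
# benign lines are included so the heuristics can be seen not firing on them.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\chrome.manifest
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\chrome\content\overlay.xul
c:\documents and settings\Prestwood\Local Settings\Application Data\{8171DA7A-4151-4329-A8B0-E0896E93B069}\install.rdf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [3/23/2011 9:32 AM 18816]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5CD.tmp --> c:\windows\system32\5CD.tmp [?]
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
MSConfigStartUp-Rnubevuqanalepe - c:\windows\eloqububukuk.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule:12}] {f.detail}")
    print(summarize(hits))
```

Run against the constructed excerpt it reports the three add-on skeleton files, the eloqububukuk.dll orphan, the Comcast proxy entry and the MEMSWEEP2 .tmp service, and nothing for the Avira, iTunes, Sophos driver, Java Console or Google Toolbar lines. Each rule is deliberately narrow; widening looks_random (for example, by accepting mostly-alternating names) raises recall but starts catching ordinary product names, so keep it as a first pass that an analyst confirms by hand.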

Re: Google Hijacked

Unread postby askey127 » April 1st, 2011, 3:23 pm

Deucebot,
-----------------------------------------------------
Let's check whether you have any other leftover infected files or settings.
This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.

Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
    Note: If you are using Vista or Win7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this Report in your next reply.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google Hijacked

Unread postby Deucebot » April 2nd, 2011, 9:03 am

The website will not let me run the scan. I get this error message:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]"

I don't know why a license has expired since I've never used the site before, but that's where I'm at. Any recommendations?
Deucebot
Active Member
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Unread postby askey127 » April 2nd, 2011, 9:11 am

deucebot,
This is not likely your problem. That occurs when Kaspersky is updating, or seemingly at random.
Are you still getting redirects?
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each entry, as follows, one by one, if it exists, and choose Remove:

Adobe Reader 9.4

Take extra care in answering questions posed by any Uninstaller.

--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google Hijacked

Unread postby Deucebot » April 2nd, 2011, 1:49 pm

Adobe Reader removed, and the new version installed.

Still getting the Kaspersky problem.

I got a redirect as recently as last night. I just tried a couple of searches and didn't get one, but their appearance is inconsistent. I will try over the next few hours and see what happens. They only show up once in a while.
Deucebot
Active Member
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Unread postby Deucebot » April 3rd, 2011, 12:33 pm

I was unable to duplicate the problem this morning - seems like you may have solved it for me. Thank you!

Any idea what it could have been or suggestions to prevent in the future?
Deucebot
Active Member
Posts: 8
Joined: March 25th, 2011, 5:17 pm

Re: Google Hijacked

Unread postby artur19 » April 4th, 2011, 5:25 am

Seems like you may have solved it for me. Good day.
artur19
Active Member
Posts: 1
Joined: April 4th, 2011, 5:18 am