Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Search Engine Results Redirected

Post by jennebelle » April 1st, 2011, 10:18 pm

Looks like this is a popular issue lately. Clicking on links from a Google search opens up another window. I found a strange-looking scheduled task set up, so I have deleted it. Ran various scans using AVG2011 that cleaned up various things, but the problem remains. I also did a scan with Panda and cleaned up what it reported (a bunch of cookies and an infected svchosts.exe) and still the problem remains. I had an infected svchost.exe file but I think it's clean now (but can't be sure). I ran ComboFix (had to uninstall my AVG2011 to get it to run) but I'm at a loss for what to do next. Please help!

Thanks.

Jennie

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by adajen at 20:03:38.26 on 01/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1021.552 [GMT -6:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\adajen.HOME\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activ ... ontrol.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\adajen~1.hom\applic~1\mozilla\firefox\profiles\zo3sve3l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24057 ... hSource=13
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\adajen.home\application data\mozilla\firefox\profiles\zo3sve3l.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\adajen.home\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-24 28552]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2005-12-19 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2005-12-19 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2005-12-19 6336]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [2008-5-18 99248]
.
=============== Created Last 30 ================
.
2011-04-02 01:10:36 -------- d-sha-r- C:\cmdcons
2011-04-02 01:06:01 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 01:06:01 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 00:37:30 389120 ----a-w- c:\windows\system32\CF23595.exe
2011-03-25 02:53:46 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-25 02:53:06 -------- d-----w- c:\program files\Panda Security
2011-03-25 02:52:59 178152 ----a-w- c:\temp\activescan2_en.exe
2011-03-25 00:47:53 -------- d-----w- C:\Binaries
2011-03-25 00:47:52 -------- d-----w- C:\MSSoap
2011-03-25 00:47:35 -------- d-----w- c:\program files\UFile 2010
.
==================== Find3M ====================
.
2011-03-02 02:54:32 4288 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-02 02:54:32 104 --sh--r- c:\windows\system32\17DF67926F.sys
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_7L250S0 rev.BACE1G10 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F5C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f627d0]; MOV EAX, [0x86f6284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F71AB8]
3 CLASSPNP[0xF74E6FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86F727E8]
\Driver\nvatabus[0x86F33940] -> IRP_MJ_CREATE -> 0x86F5C439
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskMaxtor_7L250S0__________________________BACE1G10#354C38395154473320202020354C383951544733#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:05:36.46 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 01/12/2005 8:08:00 PM
System Uptime: 01/04/2011 7:53:24 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0GC375
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3392/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 48.792 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1147: 30/12/2010 7:03:10 PM - System Checkpoint
RP1148: 31/12/2010 7:13:57 PM - System Checkpoint
RP1149: 01/01/2011 7:19:09 PM - System Checkpoint
RP1150: 02/01/2011 7:45:20 PM - System Checkpoint
RP1151: 04/01/2011 7:27:39 AM - System Checkpoint
RP1152: 05/01/2011 8:24:26 AM - System Checkpoint
RP1153: 06/01/2011 9:12:34 AM - System Checkpoint
RP1154: 07/01/2011 9:27:10 AM - System Checkpoint
RP1155: 09/01/2011 11:14:37 AM - System Checkpoint
RP1156: 10/01/2011 8:53:38 PM - System Checkpoint
RP1157: 12/01/2011 7:00:15 PM - Software Distribution Service 3.0
RP1158: 15/01/2011 1:45:35 PM - Removed Adobe Reader 6.0.1
RP1159: 15/01/2011 1:46:02 PM - Removed Adobe Reader 7.0
RP1160: 15/01/2011 1:46:16 PM - Installed Adobe Reader X.
RP1161: 16/01/2011 3:50:49 PM - System Checkpoint
RP1162: 17/01/2011 4:08:18 PM - System Checkpoint
RP1163: 18/01/2011 7:41:41 PM - System Checkpoint
RP1164: 20/01/2011 7:22:45 PM - System Checkpoint
RP1165: 21/01/2011 8:52:11 PM - System Checkpoint
RP1166: 22/01/2011 9:39:42 PM - System Checkpoint
RP1167: 23/01/2011 10:39:43 PM - System Checkpoint
RP1168: 24/01/2011 11:26:31 PM - System Checkpoint
RP1169: 26/01/2011 12:13:39 AM - System Checkpoint
RP1170: 27/01/2011 1:05:52 AM - System Checkpoint
RP1171: 28/01/2011 1:51:43 AM - System Checkpoint
RP1172: 28/01/2011 5:56:09 PM - Removed Google SketchUp 6
RP1173: 28/01/2011 5:56:21 PM - Removed Google SketchUp 6
RP1174: 28/01/2011 5:56:54 PM - Removed Google Earth
RP1175: 30/01/2011 5:35:20 PM - System Checkpoint
RP1176: 05/02/2011 5:22:05 PM - System Checkpoint
RP1177: 06/02/2011 6:44:23 PM - System Checkpoint
RP1178: 07/02/2011 7:36:34 PM - System Checkpoint
RP1179: 08/02/2011 5:50:41 PM - Software Distribution Service 3.0
RP1180: 09/02/2011 7:18:19 PM - System Checkpoint
RP1181: 10/02/2011 7:33:05 PM - System Checkpoint
RP1182: 12/02/2011 12:40:30 PM - System Checkpoint
RP1183: 13/02/2011 1:03:21 PM - System Checkpoint
RP1184: 14/02/2011 1:17:21 PM - System Checkpoint
RP1185: 15/02/2011 12:16:32 PM - Software Distribution Service 3.0
RP1186: 17/02/2011 4:32:11 PM - System Checkpoint
RP1187: 19/02/2011 10:11:37 AM - System Checkpoint
RP1188: 21/02/2011 1:06:48 PM - System Checkpoint
RP1189: 22/02/2011 6:29:31 PM - System Checkpoint
RP1190: 01/03/2011 6:55:31 PM - System Checkpoint
RP1191: 03/03/2011 8:06:33 PM - System Checkpoint
RP1192: 04/03/2011 8:42:01 PM - System Checkpoint
RP1193: 07/03/2011 2:09:45 PM - System Checkpoint
RP1194: 09/03/2011 7:00:17 PM - Software Distribution Service 3.0
RP1195: 10/03/2011 8:00:51 PM - System Checkpoint
RP1196: 12/03/2011 10:54:25 AM - System Checkpoint
RP1197: 13/03/2011 11:30:43 AM - System Checkpoint
RP1198: 13/03/2011 7:00:14 PM - Software Distribution Service 3.0
RP1199: 14/03/2011 11:05:21 PM - System Checkpoint
RP1200: 17/03/2011 2:09:11 PM - System Checkpoint
RP1201: 20/03/2011 11:44:45 AM - System Checkpoint
RP1202: 22/03/2011 8:10:51 PM - Restore Operation
RP1203: 22/03/2011 8:13:44 PM - Restore Operation
RP1204: 24/03/2011 6:30:33 PM - System Checkpoint
RP1205: 25/03/2011 6:58:01 PM - System Checkpoint
RP1206: 26/03/2011 7:40:16 PM - System Checkpoint
RP1207: 27/03/2011 7:59:47 PM - System Checkpoint
RP1208: 29/03/2011 11:36:49 PM - System Checkpoint
RP1209: 01/04/2011 7:00:07 PM - Removed AVG 2011
RP1210: 01/04/2011 7:01:35 PM - Removed AVG 2011
.
==== Installed Programs ======================
.
.
18 Wheels of Steel: Haulin'
18 WoS Across America
7-Zip 4.62
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 7.1.0
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Agatha Christie - Murder on the Orient Express
Air Mogul
ANIO Service
ANIWZCS2 Service
AOL (Choose which version to remove)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.0.9.3803
ASIO4ALL
AVI MPEG WMV Joiner
Big Fish Games: Game Manager
Bonjour
Canon Camera Access Library
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Capitalism II
Career Creator 2.1
Classic PhoneTools
Collab
Conquer 2.0
Corel Painter Essentials 2
Corel Photo Album 6
Creative MediaSource
Cruise Ship Tycoon
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
DellSupport
DiMAGE Image Viewer Utility
Direct Show Ogg Vorbis Filter (remove only)
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
DVDFab 6.2.1.8 (31/12/2009)
EA SPORTS online 2008
Empire: Total War
EverNote Plus
ffdshow [rev 1324] [2007-07-01]
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
FL Studio 8
FUJIFILM USB Driver
GameSpot Download Manager
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ 2.6.9 runtime environment
Hollywood Tycoon
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
IL Download Manager
ImageMixer 3 SE Ver.6 Transfer Utility
ImageMixer 3 SE Ver.6 Video Tools
Intel(R) 537EP V9x DFV PCI Modem
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
John Deere American Farmer TM v1.0
Learn2 Player (Uninstall Only)
Lexmark 1400 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Monopoly Tycoon
MOV Converter 3
Mozilla Firefox (3.6.15)
MSI v2 to redistribute Rigs of Rods
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
Musicmatch® Jukebox
Nero OEM
NHL® 08
nik Color Efex Pro 2.0 GE
NVIDIA Drivers
Panda ActiveScan 2.0
PDFCreator
Photodex Presenter
Picasa 3
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PowerDVD 5.5
QuickTax 2008
QuickTax 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Segoe UI
Sid Meier's Civilization 4
SnagIt 8
Soap 3.0 Toolkit
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster X-Fi
Steam
Stronghold Crusader
Suneido Version 1.050901
Syberia
Tablet
The Experiment
The GIMP 2.2.9
The Godfather™ II
The Sims 2
The Sims 2 Nightlife
The Sims Deluxe Edition
Total Video2Dvd 2.81
Toxic Biohazard
UFile 2010
UFile Updater 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.4053
VideoFab Converter 1.0.1.8 Beta
Viewpoint Media Player
VIVA MEDIA GAME CENTER
Wacom JustWrite Office
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless G WUA-1340
WordPerfect Office 12
Yahtzee
.
==== Event Viewer Messages From Past Week ========
.
29/03/2011 6:27:46 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
29/03/2011 6:27:46 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
29/03/2011 6:27:46 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
27/03/2011 10:41:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvraid
27/03/2011 10:41:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdjCATSCustConnectService service to connect.
27/03/2011 10:41:20 AM, error: Service Control Manager [7000] - The lxdjCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/03/2011 10:24:00 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
01/04/2011 7:53:54 PM, error: Print [19] - Sharing printer failed + 1722, Printer SnagIt 8 share name Printer.
01/04/2011 7:16:34 PM, error: Service Control Manager [7034] - The Photoshop Elements Device Connect service terminated unexpectedly. It has done this 1 time(s).
01/04/2011 7:16:34 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor service terminated unexpectedly. It has done this 1 time(s).
01/04/2011 7:04:39 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
01/04/2011 6:27:33 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
01/04/2011 5:59:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
01/04/2011 5:56:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/04/2011 5:53:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
jennebelle

Re: Search Engine Results Redirected

Post by askey127 » April 4th, 2011, 1:44 pm

Hi jennebelle,
"Looks like this is a popular issue lately."
It's especially popular among those using P2P programs like Ares.
You also have outdated versions of Adobe Reader and Java. Both make your PC susceptible to infection.
We will remove the old Adobe and Java, and replace them after we get rid of the TDSS infection.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Adobe Reader 7.1.0
Ares 3.0.9.3803
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127

Re: Search Engine Results Redirected

Post by jennebelle » April 5th, 2011, 8:23 pm

Hey, thanks for the help. I uninstalled everything you listed except I did not see any entry for the Java Auto Updater.

The TDSSKiller did find something so I used the cure option and rebooted. Here is the log:

TDSSKiller.2.4.21.0_05.04.2011_18.18.27_log.txt

2011/04/05 18:18:27.0812 3352 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 18:18:28.0078 3352 ================================================================================
2011/04/05 18:18:28.0078 3352 SystemInfo:
2011/04/05 18:18:28.0078 3352
2011/04/05 18:18:28.0078 3352 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/05 18:18:28.0078 3352 Product type: Workstation
2011/04/05 18:18:28.0078 3352 ComputerName: HOME
2011/04/05 18:18:28.0078 3352 UserName: adajen
2011/04/05 18:18:28.0078 3352 Windows directory: C:\WINDOWS
2011/04/05 18:18:28.0078 3352 System windows directory: C:\WINDOWS
2011/04/05 18:18:28.0078 3352 Processor architecture: Intel x86
2011/04/05 18:18:28.0078 3352 Number of processors: 2
2011/04/05 18:18:28.0078 3352 Page size: 0x1000
2011/04/05 18:18:28.0078 3352 Boot type: Normal boot
2011/04/05 18:18:28.0078 3352 ================================================================================
2011/04/05 18:18:28.0359 3352 Initialize success
2011/04/05 18:18:35.0437 0340 ================================================================================
2011/04/05 18:18:35.0437 0340 Scan started
2011/04/05 18:18:35.0437 0340 Mode: Manual;
2011/04/05 18:18:35.0437 0340 ================================================================================
2011/04/05 18:18:47.0703 0340 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/05 18:18:47.0703 0340 ================================================================================
2011/04/05 18:18:47.0703 0340 Scan finished
2011/04/05 18:18:47.0703 0340 ================================================================================
2011/04/05 18:18:47.0718 0436 Detected object count: 1
2011/04/05 18:19:21.0328 0436 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/05 18:19:21.0328 0436 \HardDisk0 - ok
2011/04/05 18:19:21.0328 0436 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/05 18:19:26.0781 2960 Deinitialize success
jennebelle
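An added example, not part of the original thread and not Kaspersky's own code: a small Python parser for a TDSSKiller log in the format posted above, which pulls out each detection, the action the user selected and the reported outcome, and reads the dd.mm.yyyy date order from the log file name. The function names and the follow-up rules are assumptions of this example; the sample is a constructed excerpt in the posted log's format with the scanned-driver entries left out.

```python
import re
from datetime import datetime

# Constructed sample: header, scan markers, detection and action lines only.
SAMPLE_LOG = r"""2011/04/05 18:18:27.0812 3352 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 18:18:28.0078 3352
2011/04/05 18:18:28.0078 3352 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/05 18:18:28.0078 3352 Boot type: Normal boot
2011/04/05 18:18:35.0437 0340 Scan started
2011/04/05 18:18:47.0703 0340 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/05 18:18:47.0703 0340 Scan finished
2011/04/05 18:18:47.0718 0436 Detected object count: 1
2011/04/05 18:19:21.0328 0436 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/05 18:19:21.0328 0436 \HardDisk0 - ok
2011/04/05 18:19:21.0328 0436 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/05 18:19:26.0781 2960 Deinitialize success
"""

# One log line: timestamp, fractional part, thread id, optional message.
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+ (\d+)(?: (.*))?$")
NAME = re.compile(r"^TDSSKiller[._]([\d.]+)_(\d{2}\.\d{2}\.\d{4})_(\d{2}\.\d{2}\.\d{2})_log\.txt$")
TOOL = re.compile(r"^TDSS rootkit removing tool (\S+)")
COUNT = re.compile(r"^Detected object count: (\d+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
OUTCOME = re.compile(r"^(.+?) \((\S+)\) - (.+)$")


def parse_log_name(filename):
    """Split a log file name into (tool version, start time); the date part is dd.mm.yyyy."""
    m = NAME.match(filename)
    if not m:
        raise ValueError("not a TDSSKiller log name: %r" % filename)
    started = datetime.strptime(m.group(2) + " " + m.group(3), "%d.%m.%Y %H.%M.%S")
    return m.group(1), started


def summarize(log_text):
    """Collect tool version, reported object count and one record per detected object."""
    summary = {"version": None, "reported_count": None, "detections": [], "unparsed": 0}
    by_key = {}  # (object, threat) -> detection record
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            if line:
                summary["unparsed"] += 1  # not in the expected line format
            continue
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = (m.group(3) or "").strip()
        if (t := TOOL.match(msg)):
            summary["version"] = t.group(1)
        elif (c := COUNT.match(msg)):
            summary["reported_count"] = int(c.group(1))
        elif (d := DETECTED.match(msg)):
            entry = {"object": d.group(1), "threat": d.group(2),
                     "detected_at": when, "action": None, "outcome": None}
            by_key[(d.group(1), d.group(2))] = entry
            summary["detections"].append(entry)
        elif (a := ACTION.match(msg)):
            entry = by_key.get((a.group(2), a.group(1)))
            if entry:
                entry["action"] = a.group(3)
        elif (o := OUTCOME.match(msg)):
            entry = by_key.get((o.group(1), o.group(2)))
            if entry:
                entry["outcome"] = o.group(3)
    return summary


def follow_up(summary):
    """Return the points a helper still has to check before treating the scan as done."""
    notes = []
    found = summary["detections"]
    if summary["reported_count"] is not None and summary["reported_count"] != len(found):
        notes.append("log reports %d object(s) but %d detection line(s) were parsed"
                     % (summary["reported_count"], len(found)))
    for d in found:
        label = "%s on %s" % (d["threat"], d["object"])
        if d["action"] is None:
            notes.append(label + ": no user action recorded")
        elif d["action"] != "Cure":
            notes.append(label + ": action was %s, object not cured" % d["action"])
        elif d["outcome"] and "after reboot" in d["outcome"]:
            notes.append(label + ": cure completes only after reboot")
    return notes


if __name__ == "__main__":
    print(parse_log_name("TDSSKiller.2.4.21.0_05.04.2011_18.18.27_log.txt"))
    for note in follow_up(summarize(SAMPLE_LOG)):
        print(note)
```
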

Re: Search Engine Results Redirected

Post by askey127 » April 6th, 2011, 6:52 am

jennebelle,
We are going to install Avira Antivir as your Antivirus, then run a scan with it.
We will follow that with a special scan using a tool called ComboFix.
Please do these tasks in order, and don't install, remove, or scan with anything else while we work on this.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop. The installer file will be named avira_antivir_personal_en.exe
-----------------------------------------------
Install Antivir
Double click the Avira Antivir Installer you saved on your desktop, and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background.
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background.
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your Antivirus protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
  • Scan log from Antivir
  • log from ComboFix
Use separate replies if it's more convenient.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Results Redirected

Unread postby jennebelle » April 6th, 2011, 11:23 pm

The logs are too long to post in one post. Posting in parts:

Antivir log part 1:

Avira AntiVir Personal
Report file date: April 6, 2011 18:50

Scanning for 2572371 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 20:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 20:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 20:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 20:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 20:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 20:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 20:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 20:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 20:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 20:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 20:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 20:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 20:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 20:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 20:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 20:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 20:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 20:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 00:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 22:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 00:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 22:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 00:46:18
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 00:46:20
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 00:46:21
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 00:46:23
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 00:46:25
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 00:46:27
VBASE027.VDF : 7.11.5.82 151552 Bytes 3/27/2011 00:46:28
VBASE028.VDF : 7.11.5.122 154112 Bytes 3/30/2011 00:46:30
VBASE029.VDF : 7.11.5.174 206336 Bytes 4/4/2011 00:46:32
VBASE030.VDF : 7.11.5.208 177664 Bytes 4/6/2011 00:46:34
VBASE031.VDF : 7.11.5.214 16896 Bytes 4/6/2011 00:46:34
Engineversion : 8.2.4.202
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 20:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/7/2011 00:47:06
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 20:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 20:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/7/2011 00:47:02
AEPACK.DLL : 8.2.4.15 524662 Bytes 4/7/2011 00:46:59
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/7/2011 00:46:55
AEHEUR.DLL : 8.1.2.96 3412341 Bytes 4/7/2011 00:46:54
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 20:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/7/2011 00:46:39
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 20:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 20:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 20:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 20:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 20:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 20:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 20:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 20:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 20:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 20:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 20:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 20:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: April 6, 2011 18:50

Starting search for hidden objects.
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.lpsg.org/73381-female-multiple-orgasms-amateur-video.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.lrws.gov.sk.ca/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.lrws.gov.sk.ca/legislation/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.lrws.gov.sk.ca/ohs
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.lulu.com/product/paperback/natural-harvest---a-collection-of-semen-based-recipes/5198959
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mademan.com/mm/10-best-adult-movies.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.madmaturemovies.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.maniacworld.com/color_blind_test.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mayoclinic.com/health/thyroid-disease/an00806
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medhelp.org/posts/family-medicine/cervix-that-bleeds-easily-on-pelvic-exam/show/228088
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medhelp.org/posts/relationships/gf-falls-asleep-during-foreplay/show/1048515
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medhelp.org/posts/sexuality--relationships/why-does-doggy-style-hurt/show/741390
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medhelp.org/posts/thyroid-cancer--nodules--hyperthyroidism/tpo-antibodies/show/263753
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medicinenet.com/script/main/art.asp?articlekey=53847
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medicinenet.com/thyroid_peroxidase_test/article.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.medindia.net/news/studying-body-decomposition-to-determine-time-of-death-pigs-could-come-in-handy-64023-1.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mefeedia.com/tags/musicvideo,
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.menarebetterthanwomen.com/why-women-hate-sex/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.metacafe.com/watch/809365/useful_screwdriver_trick_hack/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.microsoft.com/business/en-us/resources/startups/business-plans-entities/how-to-write-a-business-plan.aspx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mirror.co.uk/life-style/real-life/2010/09/01/girl-with-no-legs-reveals-what-her-life-is-like-115875-22527790/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mjchamber.com/business
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mothering.com/community/forum/thread/162204/business-liscenses
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.motorcyclesurvey.com/reviews/kymco/agility_50/r1215/comments/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.msnbc.msn.com/id/3078759/ns/news-internet_underground/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mudbog.net/forum/f8/atv-wont-start-winter-19575/index3.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.multiculturalcanada.ca/encyclopedia/a-z/p4/4
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mvscanada.ca/car-shipping/saskatoon-car-shipping/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mylovedmatures.com/free/pics/anorexic/pics.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mymasturbation.com/male/swallowing.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mynippon.com/fashion/thongs-bikini-women.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myplick.com/view/407wdi_dngt/saskatchewan-vs-calgary-live-streaming-canadian-football-league-live-video-game-online-on-pc
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/brightlightsbigcityrecords
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/coetzel
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/djbtraits
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/j3concepts
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/rammstein
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.myspace.com/theslyestfox
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.mystore411.com/store/view/624231/canada/u-haul-saskatoon
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.naho.ca/inuit/e/resources/documents/alcoholandyourbody.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.naughtyfilipina.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.netdoctor.co.uk/ate/sexandrelationships/relationships/200318.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.netdoctor.co.uk/menshealth/feature/helpwithorgasms.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.newbienudes.com/photos/default.asp?at=u&sb=paulmapphart&ob=d
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.newmarketscooter.ca/_docs/a10_mxu_500irs.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.newstrategist.com/productdetails/sex.samplepgs.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.nlm.nih.gov/medlineplus/ency/article/003483.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.nytimes.com/2010/08/17/arts/television/17lake.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.ocrt-bctr.gc.ca/lnklns/larraj/ctllpr-eng.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.onlytorrents.com/search/50-guy-cream-pie-7-2009-dvd-xvid-anal-gangbang:relevancy
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.opticien-lentilles.com/daltonien_beta/new_test_daltonien.php
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.ottawa.ca/residents/animal_care/cats_dogs/clinic_en.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.ovinebydesign.com/index.php/about/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pantypops.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pblsask.ca/clinicprogram.shtml
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pblsask.ca/pdf/legalservicessk.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.people.com/people/article/0,,20307481,00.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pickmeupnews.com/karolina-kurkova-thong-bikini-ass/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.piercepioneer.com/news/2010/11/04/feature/rem-sleep.makes.you.horny.while.you.dream-3953885.shtml
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.playbca.com/events/pastnationalevents/2008bcanational8ballchampionships/allresultsbylastname/tabid/532/default.aspx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.playforceone.com/pf1_games.php?mygame=the%20agency
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pornhub.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pornhub.com/view_video.php?viewkey=3a9e1bf42ae864329d56
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.pornhub.com/view_video.php?viewkey=b73c19c57acc4987b2d7
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.postonfire.com/users/unyhumadoca516
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.power-surge.com/educate/abnormalpaps_treatments.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.preteen-thru-teenage-parenting-action-guide.com/preteen-sexuality.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.propertysold.ca/answers/how_much_business_license_cost_bc-qna56120.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.prostate-cancer.org/education/riskases/laboratorytestsdefined.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.provoscooter.com/forum/archive/index.php/t-11990.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.psychforums.com/sexual-abuse-incest/topic54978.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.psychology4all.com/sleep.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.publications.gov.sk.ca/deplist.cfm?d=139&c=1000
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.publications.gov.sk.ca/details.cfm?p=292
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.purenudism.net/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.purple-twinkie.com/adultflash/orgasmgirl.php
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.qp.gov.sk.ca/documents/english/regulations/regulations/o1-1r1.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.questionhub.com/yahooanswers/20101125121456aazxmrn
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rabbitsreviews.com/c49/celebrity.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.reddit.com/r/iama/comments/9jvur/i_lost_my_virginity_to_my_sister_ama/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.reunion.com/johnerickson/6/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rightcelebrity.com/?p=104
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rightcelebrity.com/?p=1348
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rightcelebrity.com/?p=4379
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.roadrunnerrecords.com/blabbermouth.net/news.aspx?mode=article&newsitemid=143847
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rooshv.com/i-dated-a-girl-who-was-in-a-gangbang-technically
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rootsweb.ancestry.com/~cansacem/marienthal.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rottentomatoes.com/m/girlfriend_experience/news/1822420/five_favorite_films_with_adult_film_star_sasha_grey
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.rottentomatoes.com/m/judge_dredd/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.saaclub.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.saskatoon.ca/departments/community%20services/planningdevelopment/businesslicensemappingandresearch/businessstart-upguide/pages/frequentlyaskedquestions.aspx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.saskatoon.ca/departments/community%20services/planningdevelopment/businesslicensemappingandresearch/businessstart-upguide/pages/municipalrequirements.aspx
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.saskatooncitynews.ca/2010/11/2010-fall-business-profile-released.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.saskatoonlibrary.ca/index.php?option=com_content&task=view&id=1183&itemid=69
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scarleteen.com/article/advice/how_do_you_tell_when_women_are_done_having_sex
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scarleteen.com/article/body/anatomy_pink_parts_female_sexual_anatomy
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scienceline.org/2006/09/ask-wenner-sex/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scooterdiva.com/forum/viewtopic.php?f=14&t=4139
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scribd.com/doc/18174312/kymco-mxu-500-onroad-en
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.scribd.com/doc/35063130/technics-precarity-and-exodus-in-rave-culture
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.seattlemarathon.org/assets/seattle+marathon+digital+assets/seattle+marathon/downloads/amica+insurance+seattle+marathon/registration+list.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sex-videos.tv/video/843/amateur-girl-masturbating-with-toothbrush
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sexualhealth.com/question/read/10099/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sggee.org/research/cdn_passengers/quebec_1910.doc
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sheknows.com/health-and-wellness/articles/814197/does-abstinence-only-sex-education-work-for-preteens-1
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.shipmyvehicle.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.shopinprivate.com/lelo-luna-beads.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.shopinsaskatoon.com/automotive/cars--minivans---trucks/page120/6/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.shufuni.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sickestsites.com/miscellaneous.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.simplemarriage.net/how-to-want-sex-when-you-dont-feel-sexy.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.singersconnect.net/allergies.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.singingsuccess.tv/forums/vocal-health/12/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.skinnylove.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.skinnyteenporn.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.skltrailers.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.skltrailers.com/pj-car-hauler-trailers.htm
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slashfilm.com/ben-affleck-to-write-direct-and-star-in-the-town/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slice.ca/advice/sliceblog/blogpost.aspx?sectionid=42&postid=31276
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/1574rmkucig/best-creampies.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/2tu3wzqgd/50-guys-cum-inside-her.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/6fcjnanaso/teen-takes-multiple-creampies.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/d9fh4tbqqit/perverted-dad-abused-sleeping-teen-babysitter.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/ioxtq0s9g6c/woman-takes-six-creampies-with-no-cleanup.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/sn4boozxwkw/milf-creampie-gangbang-party-1.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/wj0hqymo6tw/dont-cum-in-my-pussy-but-he-did.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.slutload.com/watch/yvizxuanfbe/most-amazing-creampie-i-ever-saw.html
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.soccerreportextra.com/2010/12/the-rear-view-mirror-raves-and-rants-west-ham-stirs-as-does-ken-bates/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.sods.sk.ca/files/file/pdf/self-employment%20brochure.pdf
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.soompi.com/forums/topic/349256-16-year-old-girl-gang-raped-at-a-rave-party/page__st__40
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.soulcast.com/post/show/15482/why-don't-porn-stars-wear-condoms%3f%3f
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.spankwire.com/
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Google\Google Toolbar\4.0\Quick Search\http://www.spankwire.com/amateur-girl-masturbating-with-toothbrush/video233319/

Re: Search Engine Results Redirected

by jennebelle » April 6th, 2011, 11:24 pm

Antivir log part 2:


The scan of running processes will be started
Scan process 'wuauclt.exe' - '44' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'firefox.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '57' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '84' Module(s) have been scanned
Scan process 'realsched.exe' - '40' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '34' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '53' Module(s) have been scanned
Scan process 'lxdjamon.exe' - '53' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '83' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '28' Module(s) have been scanned
Scan process 'DLLML.exe' - '44' Module(s) have been scanned
Scan process 'VolPanel.exe' - '54' Module(s) have been scanned
Scan process 'CTDVDDET.EXE' - '24' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '24' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '27' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '27' Module(s) have been scanned
Scan process 'Explorer.EXE' - '112' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '35' Module(s) have been scanned
Scan process 'Tablet.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '82' Module(s) have been scanned
Scan process 'PhotoshopElementsDeviceConnect.exe' - '26' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '42' Module(s) have been scanned
Scan process 'lxdjcoms.exe' - '27' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '9' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'spoolsv.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '183' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1887' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\adam\car ty\CarTycoon.exe

[0] Archive type: RAR SFX (self extracting)
--> Ctycoon.ace
[1] Archive type: ACE
--> myth.acm
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\6a58ef80-59f82289
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AK Java virus
--> glass/Glocker.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AK Java virus
--> glass/lulux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AL Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\7d28e940-55b145c7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.B Java virus
--> bpac/purok.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.B Java virus
--> bpac/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\1a94e7c4-5bb50450
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
--> glass/lulux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\7e6acaec-2f5d896b
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
--> glass/lulux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\7a76276d-187a78fa
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AM Java virus
--> glass/Glocker.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AM Java virus
--> glass/lulux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\6a21ec88-65cb4a02
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.N Java virus
--> glass/lulux.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.N Java virus
C:\Jennie\downloads\avg_free_stf_en_85_283a1450.exe
[WARNING] The file could not be read!
C:\Program Files\Photodex Presenter\pxplay.ocx
[DETECTION] Contains recognition pattern of the ADSPY/AdWeb.G adware or spyware
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir.virus
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir.virus
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ce8834b.qua'.
C:\Program Files\Photodex Presenter\pxplay.ocx
[DETECTION] Contains recognition pattern of the ADSPY/AdWeb.G adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '5472acee.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\6a21ec88-65cb4a02
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.N Java virus
[NOTE] The file was moved to the quarantine directory under the name '05eff61f.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\7a76276d-187a78fa
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
[NOTE] The file was moved to the quarantine directory under the name '63c3b9d2.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\7e6acaec-2f5d896b
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
[NOTE] The file was moved to the quarantine directory under the name '264094e8.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\1a94e7c4-5bb50450
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.R Java virus
[NOTE] The file was moved to the quarantine directory under the name '595ea68d.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\7d28e940-55b145c7
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '15ff8ac4.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\6a58ef80-59f82289
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AL Java virus
[NOTE] The file was moved to the quarantine directory under the name '69faca97.qua'.


End of the scan: April 6, 2011 20:54
Used time: 1:54:55 Hour(s)

The scan has been done completely.

21338 Scanned directories
468921 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
468910 Files not concerned
4829 Archives were scanned
2 Warnings
8 Notes
676199 Objects were scanned with rootkit scan
394 Hidden objects were found
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

by jennebelle » April 6th, 2011, 11:24 pm

ComboFix log:

ComboFix 11-04-06.01 - adajen 06/04/2011 21:01:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1021.565 [GMT -6:00]
Running from: c:\documents and settings\adajen.HOME\Desktop\zzz.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\adajen.HOME\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 01:01 . 2011-04-07 01:01 -------- d-----w- c:\windows\LastGood
2011-04-07 00:50 . 2011-04-07 00:50 -------- d-----w- c:\documents and settings\adajen.HOME\Application Data\Avira
2011-04-07 00:44 . 2011-03-04 22:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-07 00:44 . 2011-03-04 20:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-07 00:44 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-07 00:44 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-07 00:44 . 2011-04-07 00:44 -------- d-----w- c:\program files\Avira
2011-04-07 00:44 . 2011-04-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-02 00:37 . 2011-04-02 00:37 389120 ----a-w- c:\windows\system32\CF23595.exe
2011-04-01 07:10 . 2011-04-01 07:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-03-25 02:53 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-25 02:53 . 2011-03-25 02:53 -------- d-----w- c:\program files\Panda Security
2011-03-25 02:52 . 2011-03-25 02:52 178152 ----a-w- c:\temp\activescan2_en.exe
2011-03-25 00:47 . 2011-03-25 00:47 -------- d-----w- C:\Binaries
2011-03-25 00:47 . 2011-03-25 00:47 -------- d-----w- C:\MSSoap
2011-03-25 00:47 . 2011-03-25 00:50 -------- d-----w- c:\program files\UFile 2010
2011-03-24 16:44 . 2011-03-24 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-23 01:56 . 2011-03-23 02:11 -------- d-----w- c:\documents and settings\Administrator
2011-03-21 04:15 . 2011-03-21 04:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-03-21 04:15 . 2011-03-21 04:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-20 20:12 . 2011-03-20 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-03-20 19:08 . 2011-03-20 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-03-20 16:52 . 2011-03-20 16:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-10 19:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 19:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 18:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 18:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2008-02-28 20:30 . 2008-04-30 14:37 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 20:33 . 2008-04-30 14:37 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-02_01.36.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 01:45 . 2011-04-07 00:21 16116 c:\windows\system32\tablet.dat
- 2007-03-13 01:45 . 2011-04-02 01:03 16116 c:\windows\system32\tablet.dat
+ 2004-08-10 18:51 . 2011-04-07 00:25 86590 c:\windows\system32\perfc009.dat
- 2004-08-10 18:51 . 2011-04-02 01:07 86590 c:\windows\system32\perfc009.dat
+ 2011-04-07 00:44 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2004-08-10 18:51 . 2011-04-07 00:25 477160 c:\windows\system32\perfh009.dat
- 2004-08-10 18:51 . 2011-04-02 01:07 477160 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 20480]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 2715648]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-16 274608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.6.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.6.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 16:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 18:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-08 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-16 01:43 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Infogrames Interactive\\Monopoly Tycoon\\mc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\X-Plane 9\\X-Plane.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/03/2011 8:53 PM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/04/2011 6:44 PM 135336]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [19/12/2005 8:49 PM 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [19/12/2005 8:49 PM 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [19/12/2005 8:49 PM 6336]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 6:56 PM 135664]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [18/05/2008 6:55 PM 99248]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 3:40 AM 118784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SWPRV
*NewlyCreated* - VSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\documents and settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24057 ... hSource=13
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,d2,18,04,30,48,f5,68,e6,b4,fc,2f,ce,dd,02,d8,f8,bb,f6,65,8d,4d,27,
84,65,2f,ed,b7,3d,28,93,34,e3,4d,83,2f,4f,16,78,88,26,b2,ab,f9,0c,34,72,1d,\
"??"=hex:5d,95,b5,67,d0,0d,1c,08,a4,a1,6c,3a,f0,62,80,38
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\License information*]
"datasecu"=hex:f3,56,4f,8e,a5,36,71,31,58,53,e8,3c,49,3b,91,5e,dd,7d,5f,ce,4a,
a9,f0,18,5c,3f,ba,09,d4,50,94,8f,86,fd,80,0a,cf,00,a4,36,df,44,c5,79,94,c0,\
"rkeysecu"=hex:43,b4,21,07,80,89,47,f0,fe,a9,56,b2,23,35,fe,15
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-06 21:13:27
ComboFix-quarantined-files.txt 2011-04-07 03:13
ComboFix2.txt 2011-04-02 01:43
ComboFix3.txt 2009-04-24 03:01
ComboFix4.txt 2009-04-23 22:25
.
Pre-Run: 53,321,457,664 bytes free
Post-Run: 53,490,339,840 bytes free
.
- - End Of File - - FD9F38E01D2B0874E052608FBCC516F1
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

by askey127 » April 7th, 2011, 6:48 am

jennebelle,
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 24 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop, and it will install the newest version of Java for you to use.
During the Installation, be sure to UNCHECK any offer for McAfee Security Scan Plus. It's just adware.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware. It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2011-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.

So we will be looking for the log from Malwarebytes' Anti-Malware.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Results Redirected

by jennebelle » April 8th, 2011, 8:31 pm

Java and Adobe have both been updated.

Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6316

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/04/2011 6:29:06 PM
mbam-log-2011-04-08 (18-29-06).txt

Scan type: Quick scan
Objects scanned: 184143
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

by askey127 » April 9th, 2011, 7:27 am

jennebelle,
I see you have run ComboFix quite a few times before.
If you do that on your own, it could be dangerous to your machine.
In the long run, you will have to change your surfing habits, or no level of Security software will save you.
Those sites are packed with infections to modify your machine, steal your money and your account numbers.
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code:
    RegLock::
    [HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:50,d2,18,04,30,48,f5,68,e6,b4,fc,2f,ce,dd,02,d8,f8,bb,f6,65,8d,4d,27,
    84,65,2f,ed,b7,3d,28,93,34,e3,4d,83,2f,4f,16,78,88,26,b2,ab,f9,0c,34,72,1d,\
    "??"=hex:5d,95,b5,67,d0,0d,1c,08,a4,a1,6c,3a,f0,62,80,38
    .
    
    [HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\License information*]
    "datasecu"=hex:f3,56,4f,8e,a5,36,71,31,58,53,e8,3c,49,3b,91,5e,dd,7d,5f,ce,4a,
    a9,f0,18,5c,3f,ba,09,d4,50,94,8f,86,fd,80,0a,cf,00,a4,36,df,44,c5,79,94,c0,\
    "rkeysecu"=hex:43,b4,21,07,80,89,47,f0,fe,a9,56,b2,23,35,fe,15
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Results Redirected

Post by jennebelle » April 9th, 2011, 12:11 pm

I will be sure to pass the warning on to my husband.

ComboFix log:

ComboFix 11-04-08.03 - adajen 09/04/2011 9:46.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1021.540 [GMT -6:00]
Running from: c:\documents and settings\adajen.HOME\Desktop\zzz.exe
Command switches used :: c:\documents and settings\adajen.HOME\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 00:07 . 2011-04-09 00:07 -------- d-----w- c:\documents and settings\adajen.HOME\Application Data\Malwarebytes
2011-04-09 00:07 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 00:07 . 2011-04-09 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-09 00:07 . 2011-04-09 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 00:07 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-08 23:54 . 2011-04-08 23:59 48536984 ----a-w- c:\temp\AdbeRdr1001_en_US.exe
2011-04-08 23:53 . 2011-04-08 23:53 -------- d-----w- c:\program files\Common Files\Java
2011-04-08 23:53 . 2011-04-08 23:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-08 23:51 . 2011-04-08 23:52 16525088 ----a-w- c:\temp\jre-6u24-windows-i586.exe
2011-04-07 00:50 . 2011-04-07 00:50 -------- d-----w- c:\documents and settings\adajen.HOME\Application Data\Avira
2011-04-07 00:44 . 2011-03-04 22:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-07 00:44 . 2011-03-04 20:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-07 00:44 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-04-07 00:44 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-04-07 00:44 . 2011-04-07 00:44 -------- d-----w- c:\program files\Avira
2011-04-07 00:44 . 2011-04-07 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-04-02 00:37 . 2011-04-02 00:37 389120 ----a-w- c:\windows\system32\CF23595.exe
2011-04-01 07:10 . 2011-04-01 07:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-03-25 02:53 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-25 02:53 . 2011-03-25 02:53 -------- d-----w- c:\program files\Panda Security
2011-03-25 02:52 . 2011-03-25 02:52 178152 ----a-w- c:\temp\activescan2_en.exe
2011-03-25 00:47 . 2011-03-25 00:47 -------- d-----w- C:\Binaries
2011-03-25 00:47 . 2011-03-25 00:47 -------- d-----w- C:\MSSoap
2011-03-25 00:47 . 2011-03-25 00:50 -------- d-----w- c:\program files\UFile 2010
2011-03-24 16:44 . 2011-03-24 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-23 01:56 . 2011-03-23 02:11 -------- d-----w- c:\documents and settings\Administrator
2011-03-21 04:15 . 2011-03-21 04:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-03-21 04:15 . 2011-03-21 04:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-20 20:12 . 2011-03-20 20:12 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-03-20 19:08 . 2011-03-20 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-03-20 16:52 . 2011-03-20 16:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 23:53 . 2010-04-17 02:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2004-08-10 18:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 18:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-10 19:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 19:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 18:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2008-02-28 20:30 . 2008-04-30 14:37 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 20:33 . 2008-04-30 14:37 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-02_01.36.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-09 15:37 . 2011-04-09 15:37 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat
+ 2007-03-13 01:45 . 2011-04-09 15:37 16116 c:\windows\system32\tablet.dat
- 2007-03-13 01:45 . 2011-04-02 01:03 16116 c:\windows\system32\tablet.dat
+ 2004-08-10 18:51 . 2011-04-09 15:41 86590 c:\windows\system32\perfc009.dat
- 2004-08-10 18:51 . 2011-04-02 01:07 86590 c:\windows\system32\perfc009.dat
+ 2011-04-07 00:44 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2004-08-10 18:51 . 2011-04-02 01:07 477160 c:\windows\system32\perfh009.dat
+ 2004-08-10 18:51 . 2011-04-09 15:41 477160 c:\windows\system32\perfh009.dat
+ 2011-04-08 23:53 . 2011-04-08 23:53 157472 c:\windows\system32\javaws.exe
+ 2011-04-08 23:53 . 2011-04-08 23:53 145184 c:\windows\system32\javaw.exe
- 2010-10-15 05:55 . 2010-09-15 10:50 145184 c:\windows\system32\javaw.exe
+ 2011-04-08 23:53 . 2011-04-08 23:53 145184 c:\windows\system32\java.exe
- 2010-10-15 05:55 . 2010-09-15 10:50 145184 c:\windows\system32\java.exe
+ 2011-04-08 23:53 . 2011-04-08 23:53 180224 c:\windows\Installer\6aa7c.msi
+ 2011-04-08 23:53 . 2011-04-08 23:53 677376 c:\windows\Installer\6aa6e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 20480]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 2715648]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-16 274608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.6.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.6.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2005-11-30 16:35 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WUA-1340]
2005-12-15 18:19 2715648 ----a-w- c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-08 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-16 01:43 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Infogrames Interactive\\Monopoly Tycoon\\mc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\X-Plane 9\\X-Plane.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Activision Value\\Cruise Ship Tycoon\\CruiseShipTycoon.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/03/2011 8:53 PM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/04/2011 6:44 PM 135336]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [19/12/2005 8:49 PM 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [19/12/2005 8:49 PM 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [19/12/2005 8:49 PM 6336]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 6:56 PM 135664]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [18/05/2008 6:55 PM 99248]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 3:40 AM 118784]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
FF - ProfilePath - c:\documents and settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24057 ... hSource=13
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 09:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,d2,18,04,30,48,f5,68,e6,b4,fc,2f,ce,dd,02,d8,f8,bb,f6,65,8d,4d,27,
84,65,2f,ed,b7,3d,28,93,34,e3,4d,83,2f,4f,16,78,88,26,b2,ab,f9,0c,34,72,1d,\
"??"=hex:5d,95,b5,67,d0,0d,1c,08,a4,a1,6c,3a,f0,62,80,38
.
[HKEY_USERS\S-1-5-21-2790447198-724145772-2116016451-1006\Software\SecuROM\License information*]
"datasecu"=hex:f3,56,4f,8e,a5,36,71,31,58,53,e8,3c,49,3b,91,5e,dd,7d,5f,ce,4a,
a9,f0,18,5c,3f,ba,09,d4,50,94,8f,86,fd,80,0a,cf,00,a4,36,df,44,c5,79,94,c0,\
"rkeysecu"=hex:43,b4,21,07,80,89,47,f0,fe,a9,56,b2,23,35,fe,15
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-09 09:59:18
ComboFix-quarantined-files.txt 2011-04-09 15:59
ComboFix2.txt 2011-04-07 03:13
ComboFix3.txt 2011-04-02 01:43
ComboFix4.txt 2009-04-24 03:01
ComboFix5.txt 2011-04-09 15:43
.
Pre-Run: 50,240,942,080 bytes free
Post-Run: 50,199,789,568 bytes free
.
- - End Of File - - 92D37314FAD77D04AF750B4D8DDFEAE2
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

Post by jennebelle » April 9th, 2011, 12:11 pm

OTL.txt:

OTL logfile created on: 09/04/2011 10:07:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\adajen.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,021.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 46.84 Gb Free Space | 20.12% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: adajen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/15 19:43:03 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 17:18:00 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe
PRC - [2007/04/30 14:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/11/11 05:07:32 | 001,212,416 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/07/11 11:34:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/06/16 18:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2001/03/09 13:26:29 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/06/11 17:18:00 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2007/06/11 17:17:46 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/02/25 08:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/22 20:58:03 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/22 20:58:02 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/29 22:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/11/03 04:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/08/08 18:54:36 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/08/08 18:54:34 | 000,439,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/08/08 18:54:28 | 001,093,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/08/08 18:54:20 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/08/08 18:54:16 | 000,142,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/08/08 18:54:16 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/08/08 18:54:12 | 000,501,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/26 22:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 22:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/20 02:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/07/13 22:18:48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/05/25 14:54:46 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [1997/10/08 03:04:06 | 000,006,816 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MAPMEM.SYS -- (MapMem)
DRV - [1997/10/08 03:04:06 | 000,006,336 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NTREMAP.SYS -- (NTRemap)
DRV - [1997/10/08 03:04:06 | 000,004,832 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport.sys -- (GenPort)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2405727&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:00:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 19:43:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/04/08 17:53:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 19:21:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 18:01:01 | 000,000,000 | ---D | M]

[2008/09/05 21:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Extensions
[2008/09/05 21:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/09 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions
[2010/09/18 09:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/21 10:40:25 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/06/23 07:25:10 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\LogMeInClient@logmein.com
[2010/06/08 11:30:42 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\searchplugins\conduit.xml
[2011/04/09 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/02 19:21:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 18:18:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/05 19:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 18:29:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/21 18:29:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/02/09 18:11:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/16 20:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 22:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/08 17:53:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/15 19:43:55 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/08 17:53:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/02 19:21:04 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/02 19:21:05 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2011/04/08 17:53:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 10:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/04/16 17:09:28 | 000,249,856 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
[2007/11/02 09:05:21 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2011/04/02 19:21:07 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 09:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/11/15 19:43:35 | 000,151,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/18 12:11:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/18 12:11:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/05/19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2010/11/15 19:44:34 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/11/15 19:43:13 | 000,100,352 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/03/12 13:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
[2008/02/28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2011/03/24 20:43:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2011/03/24 20:43:08 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/24 20:43:54 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2011/03/24 20:43:08 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/24 20:43:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2011/03/24 20:43:08 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/24 20:43:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/24 20:43:08 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/04/01 19:35:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to EverNote - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/activ ... ontrol.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 10:05:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
[2011/04/08 18:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\Application Data\Malwarebytes
[2011/04/08 18:07:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/08 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 18:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 18:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/08 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 17:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/08 17:53:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/08 17:53:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/08 17:53:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/08 17:53:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/07 15:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\My Documents\Flight Simulator Files
[2011/04/07 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/04/06 21:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/06 18:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\Application Data\Avira
[2011/04/06 18:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/06 18:44:35 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/06 18:44:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/06 18:44:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/06 18:44:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/06 18:44:35 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/06 18:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/06 18:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/05 18:13:25 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\adajen.HOME\Desktop\tdsskiller.exe
[2011/04/01 21:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/01 19:10:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/01 18:37:30 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23595.exe
[2011/04/01 01:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/03/31 18:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/30 06:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/30 06:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/25 06:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\My Documents\Downloads
[2011/03/24 20:53:46 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/03/24 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/24 18:47:53 | 000,000,000 | ---D | C] -- C:\Binaries
[2011/03/24 18:47:52 | 000,000,000 | ---D | C] -- C:\MSSoap
[2011/03/24 18:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UFile 2010
[2011/03/24 18:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\UFile 2010
[2011/03/24 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/20 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/20 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/20 22:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/20 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/20 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/03/20 10:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/20 10:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/29 20:40:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.sys
[2008/05/18 18:51:22 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhcp.dll
[2008/05/18 18:51:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
[2008/05/18 18:51:21 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
[2008/05/18 18:51:21 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
[2008/05/18 18:51:21 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
[2008/05/18 18:51:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
[2008/05/18 18:51:20 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
[2008/05/18 18:51:20 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjih.exe
[2008/05/18 18:51:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
[2008/05/18 18:51:20 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
[2008/05/18 18:51:17 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
[2008/05/18 18:51:16 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
[2008/05/18 18:51:16 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
[2008/05/18 18:51:16 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
[2008/05/18 18:51:16 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcfg.exe
[2005/11/17 09:51:34 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/11/17 09:51:32 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 10:07:43 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/09 10:07:43 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
[2011/04/09 09:42:38 | 004,317,403 | R--- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\zzz.exe
[2011/04/09 09:41:38 | 000,477,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 09:41:38 | 000,086,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/09 09:38:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 09:38:14 | 000,000,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/04/09 09:37:35 | 000,016,116 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/04/09 09:37:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 09:37:25 | 1071,157,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 00:16:55 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 00:16:55 | 000,054,672 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 00:16:55 | 000,054,672 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 00:16:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/09 00:16:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/08 18:26:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/04/08 18:07:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 18:01:02 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/08 17:53:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/08 17:53:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/08 17:53:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/08 17:53:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/08 17:53:21 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/07 15:34:45 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator 2004.lnk
[2011/04/06 18:44:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/06 18:33:21 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\avira_antivir_personal_en.exe
[2011/04/05 18:14:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\defogger_reenable
[2011/04/05 18:13:34 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\adajen.HOME\Desktop\tdsskiller.exe
[2011/04/05 18:12:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\Defogger.exe
[2011/04/05 18:04:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 17:51:55 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UFile 2010.lnk
[2011/04/03 18:30:07 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 20:03:00 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\dds.scr
[2011/04/01 19:35:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/01 19:10:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/01 18:38:55 | 004,311,769 | R--- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\ComboFix.exe
[2011/04/01 18:37:06 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23595.exe
[2011/03/31 17:46:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/26 11:56:30 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\Air Mogul.lnk
[2011/03/25 10:32:21 | 000,000,158 | ---- | M] () -- C:\WINDOWS\civ.ini
[2011/03/24 20:52:17 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2011/03/24 19:58:06 | 000,042,210 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\__apps.cra-arc.gc.ca_ebci_fppp_mypymnt_prot_prntblvrsn.do.pdf
[2011/03/24 19:53:52 | 000,015,726 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\Jennie&Adam.u10
[2011/03/24 19:52:55 | 000,001,285 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10s_Adam_Hooper.TAX
[2011/03/24 19:52:51 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\win32xm1.TXI
[2011/03/24 19:46:49 | 000,001,292 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10h_Jennie_Hooper.TAX
[2011/03/22 19:53:27 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 09:42:01 | 004,317,403 | R--- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\zzz.exe
[2011/04/08 18:07:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 15:34:44 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator 2004.lnk
[2011/04/06 18:44:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/06 18:24:18 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\avira_antivir_personal_en.exe
[2011/04/05 18:14:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/05 18:14:57 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/05 18:14:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\defogger_reenable
[2011/04/05 18:12:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\Defogger.exe
[2011/04/01 20:02:58 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\dds.scr
[2011/04/01 19:06:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/01 19:06:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/01 18:24:48 | 1071,157,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/26 11:56:30 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\Air Mogul.lnk
[2011/03/24 19:58:02 | 000,042,210 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\__apps.cra-arc.gc.ca_ebci_fppp_mypymnt_prot_prntblvrsn.do.pdf
[2011/03/24 19:52:55 | 000,001,285 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10s_Adam_Hooper.TAX
[2011/03/24 19:46:49 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10h_Jennie_Hooper.TAX
[2011/03/24 19:46:20 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\win32xm1.TXI
[2011/03/24 18:51:31 | 000,015,726 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\Jennie&Adam.u10
[2011/03/24 18:47:40 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UFile 2010.lnk
[2011/03/20 10:57:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 11:53:45 | 000,062,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/17 10:41:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/12/07 18:49:24 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2009/12/07 18:49:24 | 000,019,040 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2009/12/07 18:49:23 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMFARM.DLL
[2009/04/23 16:10:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/23 16:10:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/23 16:10:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/26 21:41:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/12/09 20:35:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/11/29 20:40:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.cat
[2008/11/29 20:40:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.inf
[2008/11/12 19:05:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/17 17:49:08 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2008/07/28 20:58:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/22 20:58:03 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/22 20:58:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/18 18:55:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
[2008/05/18 18:55:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
[2008/05/18 18:51:34 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdjrwrd.ini
[2008/05/18 18:51:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\lxdjinst.dll
[2008/05/18 18:51:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
[2008/01/25 22:26:24 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\fusioncache.dat
[2007/11/27 19:45:47 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/11/27 19:45:47 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/27 19:45:46 | 000,686,080 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/27 19:45:46 | 000,684,549 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2007/11/27 19:45:46 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/11/27 19:45:46 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/11/27 19:45:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/11/27 19:45:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/11/27 19:45:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/11/27 19:45:46 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/11/27 19:45:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/11/27 19:45:46 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/11/27 19:45:46 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/11/27 19:45:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/11/27 19:45:46 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/25 20:53:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/12 20:01:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2007/03/12 19:45:46 | 000,016,116 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/11/10 22:54:52 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/11/10 22:54:49 | 000,000,158 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2006/11/02 10:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/28 12:10:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/08/29 21:08:47 | 000,001,835 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/04/01 21:13:02 | 000,000,524 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/04/01 20:31:51 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2006/03/24 15:18:15 | 000,000,298 | ---- | C] () -- C:\WINDOWS\atl_save.ini
[2006/03/20 21:35:04 | 000,000,125 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/03/16 19:13:07 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2006/02/26 04:51:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/03 19:57:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/31 13:45:46 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/31 13:45:39 | 000,004,835 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/26 20:57:59 | 000,000,281 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/12/19 20:47:30 | 000,000,950 | ---- | C] () -- C:\WINDOWS\EReg176.dat
[2005/12/07 23:06:30 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2005/12/07 23:06:30 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2005/12/03 18:36:15 | 000,000,298 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/12/01 23:14:25 | 000,004,288 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/01 23:14:25 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\17DF67926F.sys
[2005/12/01 23:12:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\PFP120JPR.{PB
[2005/12/01 23:12:05 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\PFP120JCM.{PB
[2005/12/01 22:58:17 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/01 21:05:00 | 000,001,289 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/11/17 10:21:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 10:16:09 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/17 10:06:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/17 09:51:34 | 000,366,041 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/11/17 09:51:34 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/11/17 09:51:34 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2005/11/17 09:51:34 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/11/17 09:51:34 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2005/11/17 09:51:34 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/11/17 09:51:34 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/11/17 09:51:34 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/11/17 09:51:34 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/11/17 09:51:34 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/11/17 09:51:34 | 000,032,770 | ---- | C] () -- C:\WINDOWS\System32\xsorsul.dll
[2005/11/17 09:51:34 | 000,032,770 | ---- | C] () -- C:\WINDOWS\System32\vewuw2k.dll
[2005/11/17 09:51:34 | 000,023,554 | ---- | C] () -- C:\WINDOWS\System32\2ksrsul.dll
[2005/11/17 09:51:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/17 09:51:34 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/11/17 09:51:32 | 000,049,274 | ---- | C] () -- C:\WINDOWS\System32\claptn32.ini
[2005/11/17 09:51:08 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/17 09:50:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/17 09:50:44 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/16 02:21:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/12 00:40:58 | 003,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 000,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,477,160 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,086,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/06 12:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 17:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 17:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 17:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/05/25 14:54:46 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2010/10/14 11:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\AVG10
[2009/03/29 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Divo Games
[2008/05/21 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\FUJIFILM
[2010/11/09 09:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\gnupg
[2005/12/04 16:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Leadertech
[2008/05/18 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Lexmark Productivity Studio
[2009/01/28 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\MoveFab
[2009/01/30 21:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\My Games
[2008/08/02 11:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\MyPublisher
[2008/01/14 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Netscape
[2010/12/16 18:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\PCDr
[2010/02/11 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Playrix Entertainment
[2007/10/26 19:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\SecondLife
[2006/10/14 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Smart Recorder
[2009/06/05 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\The Creative Assembly
[2009/06/07 13:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Ubisoft
[2010/05/29 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\ValuSoft
[2007/11/06 23:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Viewpoint
[2011/01/26 17:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\VirtualStore
[2010/01/02 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Vso
[2010/09/16 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/04/01 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/14 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2005/11/17 10:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/14 11:45:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/03 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/29 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/13 22:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/16 21:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/12/19 22:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2008/12/16 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2008/01/25 23:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/05/28 11:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/29 19:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/17 10:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/12/03 20:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/11/29 21:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/21 18:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/11 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/19 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9726EA15
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04560D68
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74D7A47
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

< End of report >
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

Post by jennebelle » April 9th, 2011, 12:12 pm

Extras.txt:

OTL Extras logfile created on: 09/04/2011 10:07:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\adajen.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,021.00 Mb Total Physical Memory | 529.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 46.84 Gb Free Space | 20.12% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: adajen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Lexmark 1400 Series\app4r.exe" = C:\Program Files\Lexmark 1400 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Infogrames Interactive\Monopoly Tycoon\mc.exe" = C:\Program Files\Infogrames Interactive\Monopoly Tycoon\mc.exe:*:Disabled:Monopoly Tycoon -- (DeepRed Games Ltd)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdjcoms.exe" = C:\WINDOWS\system32\lxdjcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" = C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 1400 Series\App4R.exe" = C:\Program Files\Lexmark 1400 Series\App4R.exe:*:Enabled:Printing Application -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Disabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Disabled:Studio -- (Pinnacle Systems)
"C:\X-Plane 9\X-Plane.exe" = C:\X-Plane 9\X-Plane.exe:*:Disabled:X-Plane -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Activision Value\Cruise Ship Tycoon\CruiseShipTycoon.exe" = C:\Program Files\Activision Value\Cruise Ship Tycoon\CruiseShipTycoon.exe:*:Enabled:CruiseShipTycoon -- (Cat Daddy Games)
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe" = C:\Program Files\Lexmark 1400 Series\Wireless\lxdjwpss.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}" = EverNote Plus
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36592557-65CE-4A4D-9970-764F17E0AFD3}" = MSI v2 to redistribute Rigs of Rods
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3CF44BDE-BDDC-4510-A5CF-EBE97D1B8F73}" = The Experiment
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52B99BCA-6251-498F-88CA-420D31CBC8C7}" = Wacom JustWrite Office
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{585D96E5-1A6A-410C-8F5F-F606CA1CCE1C}" = UFile 2010
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{6323D880-0BD9-11D5-A569-00B0D0180C89}" = DiMAGE Image Viewer Utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}" = Wireless G WUA-1340
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}" = UFile Updater 2010
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}" = Conquer 2.0
"{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}" = SnagIt 8
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FBEDD989-D0C3-4DF4-A41C-5FC9DD693E18}" = Agatha Christie - Murder on the Orient Express
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"7-Zip" = 7-Zip 4.62
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Air Mogul" = Air Mogul
"America Online ca" = AOL (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"ASIO4ALL" = ASIO4ALL
"AVI MPEG WMV Joiner_is1" = AVI MPEG WMV Joiner
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Hollywood Tycoon" = Hollywood Tycoon
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Capitalism II_is1" = Capitalism II
"Career Creator 2.1_is1" = Career Creator 2.1
"Collab" = Collab
"Cruise Ship Tycoon" = Cruise Ship Tycoon
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ffdshow_is1" = ffdshow [rev 1324] [2007-07-01]
"FL Studio 8" = FL Studio 8
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"GameSpotDownloadManager" = GameSpot Download Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}" = Wireless G WUA-1340
"InstallShield_{BF9BA346-27AA-4EE0-8333-FEA5400D2AA0}" = 18 WoS Across America
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"John Deere American Farmer_is1" = John Deere American Farmer TM v1.0
"Lexmark 1400 Series" = Lexmark 1400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOV Converter 3" = MOV Converter 3
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"Nero - Burning Rom!UninstallKey" = Nero OEM
"nik Color Efex Pro 2.0 GE" = nik Color Efex Pro 2.0 GE
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Steam App 10500" = Empire: Total War
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Suneido_is1" = Suneido Version 1.050901
"Tablet Driver" = Tablet
"Total Video2Dvd 2.81_is1" = Total Video2Dvd 2.81
"Toxic Biohazard" = Toxic Biohazard
"VideoFab Converter_is1" = VideoFab Converter 1.0.1.8 Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.9
"WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahtzeev1" = Yahtzee
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/04/2011 12:41:48 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10o.ocx, version 10.2.153.1, fault address 0x0039cb1a.

Error - 02/04/2011 12:48:45 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/04/2011 12:48:45 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/04/2011 12:48:45 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 02/04/2011 12:48:46 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/04/2011 12:48:46 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 02/04/2011 12:58:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/04/2011 12:58:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 02/04/2011 12:58:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 02/04/2011 12:58:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 09/04/2011 12:43:32 AM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/04/2011 12:43:58 AM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/04/2011 12:44:10 AM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/04/2011 12:44:26 AM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/04/2011 2:07:47 AM | Computer Name = HOME | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 09/04/2011 11:37:34 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdjCATSCustConnectService
service to connect.

Error - 09/04/2011 11:37:34 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The lxdjCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 09/04/2011 11:37:56 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvraid

Error - 09/04/2011 11:46:36 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).

Error - 09/04/2011 11:46:36 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm

Re: Search Engine Results Redirected

Post by askey127 » April 9th, 2011, 3:41 pm

jennebelle,
------------------------------------------------------
Warning - Compromised Data
Because the Rootkit Infection has had remote control access to your Internet activities, you should assume that any data on the machine may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    [2010/10/14 11:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\AVG10
    [2011/04/01 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/14 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2405727&SearchSource=13"
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Results Redirected

Post by jennebelle » April 9th, 2011, 4:21 pm

OTL.txt:

OTL logfile created on: 09/04/2011 2:15:58 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\adajen.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,021.00 Mb Total Physical Memory | 525.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 50.15 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: adajen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
PRC - [2011/04/02 19:21:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/15 19:43:03 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/09/16 14:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 17:18:00 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe
PRC - [2007/04/30 14:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2005/11/11 05:07:32 | 001,212,416 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/08/08 19:10:18 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/07/11 11:34:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/06/16 18:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
MOD - [2010/11/15 19:43:54 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2001/03/09 13:26:29 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/06/11 17:18:00 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdjcoms.exe -- (lxdj_device)
SRV - [2007/06/11 17:17:46 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/12/05 22:00:44 | 000,753,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2005/11/30 10:35:38 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2004/02/25 08:04:16 | 001,123,440 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/22 20:58:03 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/06/22 20:58:02 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/29 22:50:42 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
DRV - [2005/11/03 04:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/08/08 18:54:36 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/08/08 18:54:34 | 000,439,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/08/08 18:54:28 | 001,093,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/08/08 18:54:20 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/08/08 18:54:16 | 000,142,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/08/08 18:54:16 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/08/08 18:54:12 | 000,501,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/26 22:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 22:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/20 02:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/07/13 22:18:48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/05/25 14:54:46 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [1997/10/08 03:04:06 | 000,006,816 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MAPMEM.SYS -- (MapMem)
DRV - [1997/10/08 03:04:06 | 000,006,336 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NTREMAP.SYS -- (NTRemap)
DRV - [1997/10/08 03:04:06 | 000,004,832 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\genport.sys -- (GenPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Radio Bar 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/15 19:43:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 19:21:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 18:01:01 | 000,000,000 | ---D | M]

[2008/09/05 21:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Extensions
[2011/04/09 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions
[2010/09/18 09:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/21 10:40:25 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/06/23 07:25:10 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\extensions\LogMeInClient@logmein.com
[2010/06/08 11:30:42 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Application Data\Mozilla\Firefox\Profiles\zo3sve3l.default\searchplugins\conduit.xml
[2011/04/09 10:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 20:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 22:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/08 17:53:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/15 19:43:55 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/08 17:53:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/08 17:53:21 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/04/16 17:09:28 | 000,249,856 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
[2007/11/02 09:05:21 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/05/19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/03/12 13:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
[2008/02/28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2011/04/01 19:35:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to EverNote - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O9 - Extra 'Tools' menuitem : Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (EverNote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/activ ... ontrol.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 14:10:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/09 14:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/09 10:05:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
[2011/04/08 18:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\Application Data\Malwarebytes
[2011/04/08 18:07:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/08 18:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 18:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/08 18:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/08 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/08 17:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/07 15:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\My Documents\Flight Simulator Files
[2011/04/07 15:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/04/06 21:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/06 18:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\Application Data\Avira
[2011/04/06 18:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/06 18:44:35 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/06 18:44:35 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/06 18:44:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/06 18:44:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/06 18:44:35 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/06 18:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/06 18:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/05 18:13:25 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\adajen.HOME\Desktop\tdsskiller.exe
[2011/04/01 21:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/04/01 19:10:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/01 01:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/03/31 18:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/30 06:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/30 06:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/25 06:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adajen.HOME\My Documents\Downloads
[2011/03/24 20:53:46 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/03/24 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/03/24 18:47:53 | 000,000,000 | ---D | C] -- C:\Binaries
[2011/03/24 18:47:52 | 000,000,000 | ---D | C] -- C:\MSSoap
[2011/03/24 18:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UFile 2010
[2011/03/24 18:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\UFile 2010
[2011/03/24 10:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/20 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/20 22:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/20 22:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/20 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/20 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/03/20 10:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/20 10:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/29 20:40:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.sys
[2008/05/18 18:51:22 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhcp.dll
[2008/05/18 18:51:21 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
[2008/05/18 18:51:21 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
[2008/05/18 18:51:21 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
[2008/05/18 18:51:21 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
[2008/05/18 18:51:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
[2008/05/18 18:51:20 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
[2008/05/18 18:51:20 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjih.exe
[2008/05/18 18:51:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
[2008/05/18 18:51:20 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
[2008/05/18 18:51:17 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
[2008/05/18 18:51:16 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
[2008/05/18 18:51:16 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcoms.exe
[2008/05/18 18:51:16 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
[2008/05/18 18:51:16 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcfg.exe
[2005/11/17 09:51:34 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/11/17 09:51:32 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 14:16:57 | 000,477,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 14:16:57 | 000,086,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/09 14:13:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 14:13:11 | 000,000,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/04/09 14:12:54 | 000,016,116 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/04/09 14:12:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/09 14:12:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 14:12:46 | 1071,157,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 14:12:13 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 14:12:13 | 000,054,672 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 14:12:13 | 000,054,672 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/04/09 14:12:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/09 14:12:13 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/09 14:10:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/09 10:53:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\win32xm1.TXI
[2011/04/09 10:49:24 | 000,006,245 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\Erin Hill tax 2010.u10
[2011/04/09 10:42:30 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UFile 2010.lnk
[2011/04/09 10:05:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adajen.HOME\Desktop\OTL.exe
[2011/04/09 09:42:38 | 004,317,403 | R--- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\zzz.exe
[2011/04/08 18:26:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/04/08 18:07:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/08 18:01:02 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/07 15:34:45 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator 2004.lnk
[2011/04/06 18:44:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/06 18:33:21 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\avira_antivir_personal_en.exe
[2011/04/05 18:14:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\defogger_reenable
[2011/04/05 18:13:34 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\adajen.HOME\Desktop\tdsskiller.exe
[2011/04/05 18:12:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\Defogger.exe
[2011/04/05 18:04:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/03 18:30:07 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 20:03:00 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\dds.scr
[2011/04/01 19:35:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/01 19:10:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/01 18:38:55 | 004,311,769 | R--- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\ComboFix.exe
[2011/03/31 17:46:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/26 11:56:30 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\Desktop\Air Mogul.lnk
[2011/03/25 10:32:21 | 000,000,158 | ---- | M] () -- C:\WINDOWS\civ.ini
[2011/03/24 20:52:17 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2011/03/24 19:58:06 | 000,042,210 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\__apps.cra-arc.gc.ca_ebci_fppp_mypymnt_prot_prntblvrsn.do.pdf
[2011/03/24 19:53:52 | 000,015,726 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\Jennie&Adam.u10
[2011/03/24 19:52:55 | 000,001,285 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10s_Adam_Hooper.TAX
[2011/03/24 19:46:49 | 000,001,292 | ---- | M] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10h_Jennie_Hooper.TAX
[2011/03/22 19:53:27 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 10:50:02 | 000,006,245 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\Erin Hill tax 2010.u10
[2011/04/09 09:42:01 | 004,317,403 | R--- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\zzz.exe
[2011/04/08 18:07:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/07 15:34:44 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator 2004.lnk
[2011/04/06 18:44:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/06 18:24:18 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\avira_antivir_personal_en.exe
[2011/04/05 18:14:57 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/05 18:14:57 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2790447198-724145772-2116016451-1006.job
[2011/04/05 18:14:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\defogger_reenable
[2011/04/05 18:12:56 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\Defogger.exe
[2011/04/01 20:02:58 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\dds.scr
[2011/04/01 19:06:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/01 19:06:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/01 18:24:48 | 1071,157,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/26 11:56:30 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Desktop\Air Mogul.lnk
[2011/03/24 19:58:02 | 000,042,210 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\__apps.cra-arc.gc.ca_ebci_fppp_mypymnt_prot_prntblvrsn.do.pdf
[2011/03/24 19:52:55 | 000,001,285 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10s_Adam_Hooper.TAX
[2011/03/24 19:46:49 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\net10h_Jennie_Hooper.TAX
[2011/03/24 19:46:20 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\win32xm1.TXI
[2011/03/24 18:51:31 | 000,015,726 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\My Documents\Jennie&Adam.u10
[2011/03/24 18:47:40 | 000,002,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UFile 2010.lnk
[2011/03/20 10:57:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 11:53:45 | 000,062,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/17 10:41:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/12/07 18:49:24 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\VERMONT1.DLL
[2009/12/07 18:49:24 | 000,019,040 | ---- | C] () -- C:\WINDOWS\System32\VRX1.DLL
[2009/12/07 18:49:23 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\SIMFARM.DLL
[2009/04/23 16:10:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/23 16:10:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/23 16:10:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/26 21:41:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/12/09 20:35:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/11/29 20:40:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.cat
[2008/11/29 20:40:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\pcouffin.inf
[2008/11/12 19:05:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/17 17:49:08 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2008/07/28 20:58:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/22 20:58:03 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/22 20:58:02 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/05/18 18:55:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
[2008/05/18 18:55:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
[2008/05/18 18:51:34 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdjrwrd.ini
[2008/05/18 18:51:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\lxdjinst.dll
[2008/05/18 18:51:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
[2008/01/25 22:26:24 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\fusioncache.dat
[2007/11/27 19:45:47 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/11/27 19:45:47 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/27 19:45:46 | 000,686,080 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/27 19:45:46 | 000,684,549 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2007/11/27 19:45:46 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/11/27 19:45:46 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/11/27 19:45:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/11/27 19:45:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/11/27 19:45:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/11/27 19:45:46 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/11/27 19:45:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/11/27 19:45:46 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/11/27 19:45:46 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/11/27 19:45:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/11/27 19:45:46 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/25 20:53:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/12 20:01:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2007/03/12 19:45:46 | 000,016,116 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2006/11/10 22:54:52 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/11/10 22:54:49 | 000,000,158 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2006/11/02 10:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/10/28 12:10:44 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/08/29 21:08:47 | 000,001,835 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2006/04/01 21:13:02 | 000,000,524 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/04/01 20:31:51 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2006/03/24 15:18:15 | 000,000,298 | ---- | C] () -- C:\WINDOWS\atl_save.ini
[2006/03/20 21:35:04 | 000,000,125 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2006/03/16 19:13:07 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2006/02/26 04:51:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/03 19:57:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/31 13:45:46 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/31 13:45:39 | 000,004,835 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/26 20:57:59 | 000,000,281 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/12/19 20:47:30 | 000,000,950 | ---- | C] () -- C:\WINDOWS\EReg176.dat
[2005/12/07 23:06:30 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2005/12/07 23:06:30 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2005/12/03 18:36:15 | 000,000,298 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/12/01 23:14:25 | 000,004,288 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/01 23:14:25 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\17DF67926F.sys
[2005/12/01 23:12:05 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\PFP120JPR.{PB
[2005/12/01 23:12:05 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Application Data\PFP120JCM.{PB
[2005/12/01 22:58:17 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\adajen.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/01 21:05:00 | 000,001,289 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/11/17 10:21:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/17 10:16:09 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/17 10:06:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/17 09:51:34 | 000,366,041 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/11/17 09:51:34 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/11/17 09:51:34 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2005/11/17 09:51:34 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/11/17 09:51:34 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2005/11/17 09:51:34 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/11/17 09:51:34 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/11/17 09:51:34 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/11/17 09:51:34 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/11/17 09:51:34 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/11/17 09:51:34 | 000,032,770 | ---- | C] () -- C:\WINDOWS\System32\xsorsul.dll
[2005/11/17 09:51:34 | 000,032,770 | ---- | C] () -- C:\WINDOWS\System32\vewuw2k.dll
[2005/11/17 09:51:34 | 000,023,554 | ---- | C] () -- C:\WINDOWS\System32\2ksrsul.dll
[2005/11/17 09:51:34 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/17 09:51:34 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/11/17 09:51:32 | 000,049,274 | ---- | C] () -- C:\WINDOWS\System32\claptn32.ini
[2005/11/17 09:51:08 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/17 09:50:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/17 09:50:44 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/16 02:21:34 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/12 00:40:58 | 003,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 000,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,477,160 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,086,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/06 12:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 17:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 17:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 17:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/05/25 14:54:46 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2009/03/29 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Divo Games
[2008/05/21 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\FUJIFILM
[2010/11/09 09:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\gnupg
[2005/12/04 16:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Leadertech
[2008/05/18 20:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Lexmark Productivity Studio
[2009/01/28 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\MoveFab
[2009/01/30 21:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\My Games
[2008/08/02 11:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\MyPublisher
[2008/01/14 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Netscape
[2010/12/16 18:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\PCDr
[2010/02/11 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Playrix Entertainment
[2007/10/26 19:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\SecondLife
[2006/10/14 15:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Smart Recorder
[2009/06/05 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\The Creative Assembly
[2009/06/07 13:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Ubisoft
[2010/05/29 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\ValuSoft
[2007/11/06 23:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Viewpoint
[2011/01/26 17:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\VirtualStore
[2010/01/02 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adajen.HOME\Application Data\Vso
[2010/09/16 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2005/11/17 10:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/14 11:45:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/03 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/29 17:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/01/13 22:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/16 21:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/12/19 22:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2008/12/16 21:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2008/01/25 23:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/05/28 11:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/29 19:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/17 10:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/12/03 20:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/11/29 21:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/03/21 18:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/11 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/19 19:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9726EA15
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04560D68
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74D7A47
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

< End of report >
jennebelle
Active Member
 
Posts: 11
Joined: April 1st, 2011, 10:08 pm