Redirect Problem After Malware


Post by shane8960 » April 8th, 2011, 5:50 am

Ended up with some Malware on my machine a few days back. It was one of the fake anti virus ones - something along the lines of Windows XP Repair 2011.

Managed to get it removed eventually, however now still have a problem with redirects occasionally when searching in Google. It's not all results, probably once an hour or so.

I've attached the DDS files below:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Shane at 10:49:13.14 on 08/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2042 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Shane\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = xxx.xxx.xxx.xxx:xxxxx <-This is a private proxy which I know isn't connected to the problem.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [IBP]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Article Marketing Robot] c:\program files\article marketing robot\Article Marketing Robot.exe /startup
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 4474446062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\shane\applic~1\mozilla\firefox\profiles\raw8dy59.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl58bd5ff8;MpKsl58bd5ff8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34dbe03a-1112-46da-a5ca-c2d7bb1bf9dc}\MpKsl58bd5ff8.sys [2011-4-8 28752]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-1-8 110240]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S1 fdcgcaui;fdcgcaui;\??\c:\windows\system32\drivers\fdcgcaui.sys --> c:\windows\system32\drivers\fdcgcaui.sys [?]
S1 gyvzhjjc;gyvzhjjc;\??\c:\windows\system32\drivers\gyvzhjjc.sys --> c:\windows\system32\drivers\gyvzhjjc.sys [?]
S1 jztfnfkd;jztfnfkd;\??\c:\windows\system32\drivers\jztfnfkd.sys --> c:\windows\system32\drivers\jztfnfkd.sys [?]
S1 mqeoihwd;mqeoihwd;\??\c:\windows\system32\drivers\mqeoihwd.sys --> c:\windows\system32\drivers\mqeoihwd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-04-08 05:13:51 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{34dbe03a-1112-46da-a5ca-c2d7bb1bf9dc}\MpKsl58bd5ff8.sys
2011-04-07 12:39:35 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{34dbe03a-1112-46da-a5ca-c2d7bb1bf9dc}\mpengine.dll
2011-04-05 12:11:35 -------- d-----w- c:\docume~1\shane\locals~1\applic~1\Halvar Information
2011-04-05 12:11:14 -------- d-----w- c:\program files\hMailServer
2011-04-03 09:45:30 -------- d-----r- C:\Sandbox
2011-04-03 09:44:33 -------- d-----w- c:\program files\Sandboxie
2011-04-02 11:34:53 -------- d-----w- c:\docume~1\shane\locals~1\applic~1\Temporary Projects
2011-04-02 11:13:48 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-04-02 11:12:59 -------- d-----w- c:\windows\system32\RsFx
2011-04-02 09:27:11 -------- d-----w- c:\docume~1\shane\applic~1\Traffic Mystic IM Solutions
2011-04-02 06:37:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-04-01 12:43:10 135680 ----a-w- c:\windows\system32\Copy of taskmgr.exe
2011-04-01 10:40:55 0 ----a-w- c:\windows\Bxifi.bin
2011-04-01 10:40:52 -------- d-----w- c:\docume~1\shane\locals~1\applic~1\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
2011-03-31 09:11:00 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-31 09:10:59 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-31 09:10:59 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-31 09:10:59 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-31 09:10:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-31 09:10:59 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-31 09:10:58 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-31 09:10:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-29 10:23:52 -------- d-----w- c:\docume~1\shane\locals~1\applic~1\MozSwing
2011-03-29 10:19:19 -------- d-----w- c:\program files\SEO PowerSuite
2011-03-28 16:15:23 -------- d-----w- c:\program files\scrapebox2
2011-03-17 18:16:38 -------- d-----w- c:\docume~1\shane\applic~1\EurekaLog
2011-03-10 09:38:45 -------- d-----w- c:\program files\VideoLAN
.
==================== Find3M ====================
.
2011-03-12 12:19:54 189257 ----a-w- c:\windows\Submitter Uninstaller.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-20 14:26:36 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 10:49:22.64 ===============



And then the next file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/01/2011 06:47:22
System Uptime: 08/04/2011 06:13:22 (4 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 52.119 GiB free.
D: is Removable
E: is FIXED (NTFS) - 391 GiB total, 390.536 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is NetworkDisk (NTFS) - 152 GiB total, 147.528 GiB free.
J: is Removable
K: is Removable
Z: is NetworkDisk (NTFS) - 146 GiB total, 118.596 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_17F7&DEV_0001&SUBSYS_5555AAAA&REV_01\4&BB29FA6&0&08F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_17F7&DEV_0001&SUBSYS_5555AAAA&REV_01\4&BB29FA6&0&08F0
Service:
.
==== System Restore Points ===================
.
RP158: 01/04/2011 15:32:53 - System Checkpoint
RP159: 01/04/2011 15:53:27 - Installed xGen SEO
RP160: 01/04/2011 16:10:29 - Removed xGen SEO
RP161: 01/04/2011 16:18:08 - Installed xGen SEO
RP162: 01/04/2011 17:36:00 - Removed xGen SEO
RP163: 01/04/2011 18:23:00 - Installed xGen SEO
RP164: 02/04/2011 07:37:38 - Installed Microsoft SQL Server Compact 3.5 SP2 ENU
RP165: 02/04/2011 13:49:04 - Software Distribution Service 3.0
RP166: 02/04/2011 16:51:10 - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
RP167: 02/04/2011 16:53:57 - Removed xGen SEO
RP168: 02/04/2011 16:55:35 - Removed Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
RP169: 02/04/2011 18:13:45 - Removed Microsoft Visual Studio Macro Tools
RP170: 03/04/2011 08:33:50 - Removed Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
RP171: 03/04/2011 08:35:21 - Installed Java(TM) 6 Update 24
RP172: 03/04/2011 08:40:03 - Removed Microsoft Visual F# 2.0 Runtime
RP173: 03/04/2011 08:40:39 - Removed Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
RP174: 03/04/2011 08:40:48 - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
RP175: 03/04/2011 08:40:56 - Software Distribution Service 3.0
RP176: 03/04/2011 08:41:22 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
RP177: 04/04/2011 13:46:30 - Software Distribution Service 3.0
RP178: 05/04/2011 14:19:11 - Software Distribution Service 3.0
RP179: 07/04/2011 06:25:07 - Software Distribution Service 3.0
RP180: 07/04/2011 13:39:34 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X
Article Marketing Robot
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
CutePDF Writer 2.8
Dell Resource CD
EPSON SX510W Series Printer Uninstall
FileZilla Client 3.3.5.1
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
IBP 11.7.4
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.8.76.0
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0 (x86 en-GB)
Notepad++
ODF Add-in for Microsoft Office
PDF Settings CS5
Rank Tracker
Realtek High Definition Audio Driver
Sandboxie 3.54 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Service Pack 1 for SQL Server 2008 (KB968369)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skins
Spotify
Sql Server Customer Experience Improvement Program
Submitter
TheBestSpinner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.7
VNC Free Edition 4.1.3
Web Deployment Tool
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.00 beta 4 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
03/04/2011 08:25:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
02/04/2011 16:33:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/04/2011 16:27:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
02/04/2011 16:20:05, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
02/04/2011 16:14:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
01/04/2011 13:34:55, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
01/04/2011 12:44:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
01/04/2011 12:17:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/04/2011 12:06:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
01/04/2011 12:06:59, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
01/04/2011 12:06:59, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/04/2011 12:06:59, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/04/2011 12:06:59, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


Any help will be greatly appreciated. There's a few bits I have highlighted in S1 which look a little dodgy - not sure what they are about or if I should get rid of them though...

Malware Bytes & Microsoft Security Essentials both come back clear. TDSSKiller no longer finds any problems.

Thanks,

Shane
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Post by askey127 » April 9th, 2011, 7:41 am

Hi shane8960,
Ok, let's take a deeper look, and then we will get rid of all the "dodgy" looking Services.
Please don't scan, install or remove anything unless I ask, until we are through.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Problem After Malware

Post by shane8960 » April 9th, 2011, 7:52 am

Thanks. Scans complete and pasted below:

OTL.txt

OTL logfile created on: 09/04/2011 12:48:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.13 Gb Total Space | 52.58 Gb Free Space | 69.99% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 1.31 Gb Free Space | 68.13% Space Free | Partition Type: FAT
Drive E: | 390.62 Gb Total Space | 390.54 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 151.60 Gb Total Space | 147.53 Gb Free Space | 97.31% Space Free | Partition Type: NTFS
Drive Z: | 146.48 Gb Total Space | 118.60 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 12:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
PRC - [2011/03/31 10:10:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 12:24:36 | 000,409,320 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/03/24 12:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/25 09:42:10 | 000,110,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 12:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Article Marketing Robot\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/03/24 12:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/25 09:42:10 | 000,110,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/04/09 06:13:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD94DCDD-204B-4E9C-BBD4-D4C88CD3F119}\MpKsl984a3eb6.sys -- (MpKsl984a3eb6)
DRV - [2011/03/24 12:24:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/02/11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = xxx.xxx.xxx.xxx:xxxxx

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/01/13 08:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}: C:\Documents and Settings\Shane\Local Settings\Application Data\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3} [2011/04/01 11:40:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/03/01 15:57:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 10:11:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 16:51:50 | 000,000,000 | ---D | M]

[2011/03/29 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions
[2011/01/08 08:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/29 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/08 12:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions
[2011/01/13 10:57:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/08 12:17:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/04/03 08:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/31 10:11:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/01 15:57:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/03 08:35:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\SM@SUBMITTER.NET.XPI
[2011/04/01 11:40:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SHANE\LOCAL SETTINGS\APPLICATION DATA\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
[2011/03/01 15:57:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/31 10:10:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2011/03/31 10:11:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 18:47:02 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/31 10:11:01 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/31 10:11:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/31 10:11:01 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/31 10:11:01 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/31 10:11:01 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/31 10:11:01 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/01 18:24:35 | 000,000,945 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Article Marketing Robot] C:\Program Files\Article Marketing Robot\Article Marketing Robot.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 4474446062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Shane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/08 07:45:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 12:46:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
[2011/04/08 11:06:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/08 06:15:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Shane\Recent
[2011/04/05 13:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Halvar Information
[2011/04/05 13:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\hMailServer
[2011/04/03 10:45:30 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/04/03 10:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/04/03 10:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2011/04/03 08:35:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/03 08:35:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/03 08:35:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/02 16:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/02 16:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/02 16:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/02 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/02 12:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Temporary Projects
[2011/04/02 12:13:48 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2011/04/02 12:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2011/04/02 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2011/04/02 11:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/04/02 10:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Traffic Mystic IM Solutions
[2011/04/02 07:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/04/01 13:43:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Copy of taskmgr.exe
[2011/04/01 13:37:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/01 11:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Start Menu\Programs\Windows Repair
[2011/04/01 11:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
[2011/03/29 11:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\MozSwing
[2011/03/29 11:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2011/03/28 19:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Desktop\Scrapebox Experiment
[2011/03/28 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\scrapebox2
[2011/03/17 19:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\EurekaLog
[2011/03/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Start Menu\Programs\Notepad++
[2011/03/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/03/14 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/03/14 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Notepad++
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 12:47:10 | 003,987,342 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\linkss.psd
[2011/04/09 12:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
[2011/04/09 06:13:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 06:12:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 06:57:56 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\dds.scr
[2011/04/05 16:16:56 | 000,461,972 | ---- | M] () -- C:\Documents and Settings\Shane\.spyglass.properties
[2011/04/05 13:24:25 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/05 13:17:28 | 000,536,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 13:17:28 | 000,106,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 11:13:01 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/04/03 19:09:15 | 000,001,366 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/04/03 10:44:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Sandboxed Web Browser.lnk
[2011/04/03 10:44:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/04/02 18:17:51 | 003,559,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/02 16:34:53 | 000,012,128 | -HS- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
[2011/04/02 16:34:53 | 000,012,128 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
[2011/04/02 16:32:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 16:32:24 | 000,012,256 | -HS- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
[2011/04/02 16:32:24 | 000,012,256 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
[2011/04/02 16:09:53 | 000,091,792 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\linking.jpg
[2011/04/02 11:20:35 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XSETTINGS.LXS
[2011/04/02 11:20:15 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XREG.LXS
[2011/04/02 11:07:29 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.arp
[2011/04/02 11:07:23 | 000,018,358 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default29743.blw
[2011/04/02 10:52:48 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\DEBUG.SEOLR
[2011/04/02 10:13:15 | 000,001,272 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XPROFILES.LXS
[2011/04/02 10:13:05 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.rss
[2011/04/02 09:57:13 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.soc
[2011/04/02 09:38:49 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XPROXY.LXS
[2011/04/01 11:48:18 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011/04/01 11:48:17 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011/04/01 11:48:06 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011/04/01 11:40:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pkadirozilizodo.dat
[2011/04/01 11:40:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bxifi.bin
[2011/04/01 09:25:09 | 067,103,834 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\PHP-LD-Scrape-Raw.sic
[2011/04/01 07:07:49 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/31 17:17:25 | 014,571,117 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\pun-bb-scrape-raw.sic
[2011/03/31 09:42:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 11:19:54 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\SEO SpyGlass.lnk
[2011/03/29 11:19:46 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\LinkAssistant.lnk
[2011/03/29 11:19:38 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\WebSite Auditor.lnk
[2011/03/29 11:19:29 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Rank Tracker.lnk
[2011/03/28 11:19:43 | 000,019,984 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\general_styles.css
[2011/03/28 10:57:26 | 000,009,081 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\styles.css
[2011/03/27 17:22:00 | 000,702,900 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\design.psd
[2011/03/20 16:57:18 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Article Marketing Robot.lnk
[2011/03/20 12:32:48 | 000,766,766 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Untitled-1.psd
[2011/03/19 18:34:52 | 069,982,610 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Copy of pun-bb-scrape-raw.sic
[2011/03/19 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SHANE-PC-Shane.job
[2011/03/15 09:25:38 | 000,266,922 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Equifax Personal Solutions - Credit Report™ - Printed Version.pdf
[2011/03/12 13:19:54 | 000,189,257 | ---- | M] () -- C:\WINDOWS\Submitter Uninstaller.exe
[2011/03/12 13:19:54 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Submitter.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 12:47:08 | 003,987,342 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\linkss.psd
[2011/04/09 12:29:40 | 000,120,556 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Ultratemplate_v1.0.0.sic
[2011/04/07 06:57:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\dds.scr
[2011/04/05 13:24:25 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/03 10:44:49 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Sandboxed Web Browser.lnk
[2011/04/03 10:44:49 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/04/03 10:44:46 | 000,001,366 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/04/02 16:32:24 | 000,012,128 | -HS- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
[2011/04/02 16:32:24 | 000,012,128 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
[2011/04/02 16:24:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 16:06:52 | 000,012,256 | -HS- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
[2011/04/02 16:06:52 | 000,012,256 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
[2011/04/02 11:43:43 | 000,091,792 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\linking.jpg
[2011/04/02 11:07:29 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.arp
[2011/04/02 10:28:23 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\DEBUG.SEOLR
[2011/04/02 10:15:20 | 000,018,358 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default29743.blw
[2011/04/02 09:57:31 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.rss
[2011/04/02 09:43:41 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.soc
[2011/04/02 09:39:13 | 000,001,272 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XPROFILES.LXS
[2011/04/02 09:39:10 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XSETTINGS.LXS
[2011/04/02 09:38:49 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XPROXY.LXS
[2011/04/02 07:38:15 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XREG.LXS
[2011/04/01 11:48:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011/04/01 11:48:16 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011/04/01 11:48:06 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011/04/01 11:40:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pkadirozilizodo.dat
[2011/04/01 11:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxifi.bin
[2011/04/01 07:57:42 | 067,103,834 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\PHP-LD-Scrape-Raw.sic
[2011/03/31 11:32:58 | 069,982,610 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Copy of pun-bb-scrape-raw.sic
[2011/03/31 10:11:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/29 18:48:35 | 000,461,972 | ---- | C] () -- C:\Documents and Settings\Shane\.spyglass.properties
[2011/03/29 11:19:54 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\SEO SpyGlass.lnk
[2011/03/29 11:19:46 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\LinkAssistant.lnk
[2011/03/29 11:19:38 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\WebSite Auditor.lnk
[2011/03/29 11:19:29 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Rank Tracker.lnk
[2011/03/28 10:58:10 | 000,019,984 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\general_styles.css
[2011/03/28 10:57:26 | 000,009,081 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\styles.css
[2011/03/27 17:18:10 | 000,702,900 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\design.psd
[2011/03/20 13:36:05 | 000,696,734 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\bloglinknetwork.psd
[2011/03/20 12:32:46 | 000,766,766 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Untitled-1.psd
[2011/03/17 21:45:11 | 014,571,117 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\pun-bb-scrape-raw.sic
[2011/03/15 09:25:35 | 000,266,922 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Equifax Personal Solutions - Credit Report™ - Printed Version.pdf
[2011/03/01 09:37:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/02/12 19:09:40 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/03 11:06:35 | 000,189,257 | ---- | C] () -- C:\WINDOWS\Submitter Uninstaller.exe
[2011/01/20 15:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/01/20 15:23:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/01/20 07:23:40 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/01/14 13:13:10 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/01/10 08:25:51 | 000,277,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-1972579041-725345543-1003-0.dat
[2011/01/10 08:25:51 | 000,241,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/08 09:18:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/08 08:18:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/08 08:15:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 07:51:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/01/08 07:47:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/08 07:43:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/08 07:38:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/08 07:37:30 | 003,559,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 15:07:52 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2010/02/11 05:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 05:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/23 23:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,536,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,106,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/13 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/04/02 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/09 06:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Article Marketing Robot
[2011/03/08 15:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/04 17:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\CoreFTP
[2011/03/17 19:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\EurekaLog
[2011/04/09 06:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\FileZilla
[2011/04/09 08:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\IBP
[2011/03/14 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Notepad++
[2011/03/14 09:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Sick Marketing
[2011/02/28 15:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Spotify
[2011/04/02 10:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Traffic Mystic IM Solutions

========== Purity Check ==========



< End of report >
Last edited by shane8960 on April 9th, 2011, 8:03 am, edited 4 times in total.

Re: Redirect Problem After Malware

Post by shane8960 » April 9th, 2011, 7:52 am

Extras.txt


OTL Extras logfile created on: 09/04/2011 12:48:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.13 Gb Total Space | 52.58 Gb Free Space | 69.99% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 1.31 Gb Free Space | 68.13% Space Free | Partition Type: FAT
Drive E: | 390.62 Gb Total Space | 390.54 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 151.60 Gb Total Space | 147.53 Gb Free Space | 97.31% Space Free | Partition Type: NTFS
Drive Z: | 146.48 Gb Total Space | 118.60 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe:*:Enabled:Apache HTTP Server


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel(R) Network Connections 15.8.76.0
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{36E757F7-53A7-476D-A4A6-B9412D577CC1}" = Article Marketing Robot
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"FileZilla Client" = FileZilla Client 3.3.5.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IBP11_is1" = IBP 11.7.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"RealVNC_is1" = VNC Free Edition 4.1.3
"Sandboxie" = Sandboxie 3.54 (32-bit)
"seopowersuite" = Rank Tracker
"Spotify" = Spotify
"Submitter" = Submitter
"TheBestSpinner" = TheBestSpinner
"VLC media player" = VLC media player 1.1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'views', because it does not exist or you do
not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'tables', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'objects', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_sql_modules', because it does not exist
or you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_parameters', because it does not exist
or you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_columns', because it does not exist or
you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_views', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_objects', because it does not exist or
you do not have permission.

Error - 02/04/2011 09:31:47 | Computer Name = SHANE-PC | Source = Application Error | ID = 1000
Description = Faulting application sickrun.exe, version 3.3.6.1, faulting module
vgx.dll, version 8.0.6001.18702, fault address 0x0003ffa0.

Error - 05/04/2011 02:12:04 | Computer Name = SHANE-PC | Source = Application Hang | ID = 1002
Description = Hanging application Submitter.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/04/2011 05:39:51 | Computer Name = SHANE-PC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 05/04/2011 05:52:08 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 05/04/2011 06:09:10 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 05/04/2011 06:11:27 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 05/04/2011 06:19:23 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 05/04/2011 06:20:02 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 05/04/2011 06:21:09 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 09/04/2011 06:47:07 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 09/04/2011 07:00:07 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 09/04/2011 07:03:42 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.


< End of report >
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Post by askey127 » April 9th, 2011, 3:06 pm

shane8960,
----------------------------------------------
Open Notepad, and paste the contents of the following code box into the Notepad text.
Code:
sc stop fdcgcaui
sc config fdcgcaui start= disabled
sc delete fdcgcaui
sc stop gyvzhjjc
sc config gyvzhjjc start= disabled
sc delete gyvzhjjc
sc stop jztfnfkd 
sc config jztfnfkd start= disabled
sc delete jztfnfkd
sc stop mqeoihwd
sc config mqeoihwd start= disabled
sc delete mqeoihwd

Use Notepad's File, Save As to save it to your desktop as File type All Files (not as text file or it won't work), and file name FixSvc.bat
Exit Notepad and double click on FixSvc.bat
A Command window will flash on and off.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :processes
    killallprocesses
    
    :Files
    c:\windows\system32\drivers\fdcgcaui.sys
    c:\windows\system32\drivers\gyvzhjjc.sys
    c:\windows\system32\drivers\jztfnfkd.sys 
    c:\windows\system32\drivers\mqeoihwd.sys
    C:\Documents and Settings\Shane\Local Settings\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
    C:\Documents and Settings\All Users\Application Data\6an53m750m7pvv7h43xhfs4q45rrn
    C:\Documents and Settings\Shane\Local Settings\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
    C:\Documents and Settings\All Users\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1
    C:\Documents and Settings\All Users\Application Data\~19390260r
    C:\Documents and Settings\All Users\Application Data\~19390260
    C:\Documents and Settings\All Users\Application Data\19390260
    C:\WINDOWS\Pkadirozilizodo.dat
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
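
One way to check the follow-up OTL Quick Scan log against the items targeted by the fix above (an added example, not part of the original thread and not a feature of OTL). The service names and paths are copied from the post; the function names are hypothetical and the sample log is partly constructed, as marked in the comments.

```python
import re

# Service names and paths copied from the FixSvc.bat and OTL :Files boxes in the post.
TARGET_SERVICES = {"fdcgcaui", "gyvzhjjc", "jztfnfkd", "mqeoihwd"}
TARGET_PATHS = [
    r"c:\windows\system32\drivers\fdcgcaui.sys",
    r"c:\windows\system32\drivers\gyvzhjjc.sys",
    r"c:\windows\system32\drivers\jztfnfkd.sys",
    r"c:\windows\system32\drivers\mqeoihwd.sys",
    r"C:\Documents and Settings\Shane\Local Settings\Application Data\6an53m750m7pvv7h43xhfs4q45rrn",
    r"C:\Documents and Settings\All Users\Application Data\6an53m750m7pvv7h43xhfs4q45rrn",
    r"C:\Documents and Settings\Shane\Local Settings\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1",
    r"C:\Documents and Settings\All Users\Application Data\h761864ui02ly2y6522h63a002427t821qhl10x0b1",
    r"C:\Documents and Settings\All Users\Application Data\~19390260r",
    r"C:\Documents and Settings\All Users\Application Data\~19390260",
    r"C:\Documents and Settings\All Users\Application Data\19390260",
    r"C:\WINDOWS\Pkadirozilizodo.dat",
]

# An OTL entry line: optional "PRC/MOD/SRV/DRV - " prefix, then "[yyyy/mm/dd ...".
ENTRY = re.compile(r"^(?:(PRC|MOD|SRV|DRV) - )?\[\d{4}/\d\d/\d\d ")


def _norm(path):
    """Windows paths are case-insensitive; compare lowercased, without a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def _first_group(text):
    """First balanced (...) group, so '(Intel(R) Svc) x' yields 'Intel(R) Svc'."""
    start = text.find("(")
    depth = 0
    for i in range(max(start, 0), len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    return None


def parse_entries(log_text):
    """Yield (kind, path, service_name) for each log line of the form '... -- path [-- (name)]'."""
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m or " -- " not in line:
            continue  # section headers, registry (O4, FF, IE) lines, blank lines
        kind = m.group(1) or "FILE"
        fields = line.split(" -- ")
        name = None
        if kind in ("SRV", "DRV") and len(fields) > 2:
            name = _first_group(fields[2])
        yield kind, fields[1], name


def find_leftovers(log_text):
    """Return targeted services and paths that still show up in the log."""
    targets = [_norm(p) for p in TARGET_PATHS]
    services, paths = [], []
    for kind, path, name in parse_entries(log_text):
        if name and name.lower() in TARGET_SERVICES:
            services.append(name)
        p = _norm(path)
        # Match the target itself or anything stored underneath a targeted folder.
        if any(p == t or p.startswith(t + "\\") for t in targets):
            paths.append(path)
    return {"services": services, "paths": paths}


# First two DRV lines are from the thread; the gyvzhjjc line and the first two
# LOP Check lines are CONSTRUCTED to show what a failed cleanup would look like.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - [2011/03/24 12:24:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/04/01 11:41:02 | 000,040,960 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\gyvzhjjc.sys -- (gyvzhjjc)

========== LOP Check ==========

[2011/04/01 11:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\19390260
[2011/04/01 11:40:57 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19390260r\cfg.dat
[2011/03/14 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Notepad++
"""

if __name__ == "__main__":
    result = find_leftovers(SAMPLE_LOG)
    print("services still registered:", result["services"])
    for p in result["paths"]:
        print("path still present:", p)
```

An empty result only means the targeted items are absent from the sections OTL printed; a Quick Scan with the SafeList filters on does not list every file or service on the machine.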

Re: Redirect Problem After Malware

Post by shane8960 » April 10th, 2011, 1:34 am

OTL logfile created on: 10/04/2011 06:28:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.13 Gb Total Space | 53.30 Gb Free Space | 70.95% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 1.31 Gb Free Space | 68.13% Space Free | Partition Type: FAT
Drive E: | 390.62 Gb Total Space | 390.54 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 151.60 Gb Total Space | 147.41 Gb Free Space | 97.23% Space Free | Partition Type: NTFS
Drive Z: | 146.48 Gb Total Space | 118.60 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 06:26:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
PRC - [2011/03/31 10:10:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 12:24:36 | 000,409,320 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/03/24 12:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/02/03 12:59:55 | 000,935,424 | ---- | M] () -- C:\Program Files\Article Marketing Robot\Article Marketing Robot.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/25 09:42:10 | 000,110,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 06:26:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Article Marketing Robot\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/03/24 12:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/25 09:42:10 | 000,110,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - [2011/04/10 06:25:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C000EE74-2F55-453F-8742-6B653892308B}\MpKsl90ff99e9.sys -- (MpKsl90ff99e9)
DRV - [2011/04/10 06:19:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C000EE74-2F55-453F-8742-6B653892308B}\MpKslad50709c.sys -- (MpKslad50709c)
DRV - [2011/03/24 12:24:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/02/11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = XXX.XXX.XXX.XXX:XXXXX

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}: C:\Documents and Settings\Shane\Local Settings\Application Data\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3} [2011/04/01 11:40:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 10:11:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 16:51:50 | 000,000,000 | ---D | M]

[2011/03/29 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions
[2011/03/29 11:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/08 12:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions
[2011/01/13 10:57:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/08 12:17:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\raw8dy59.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/04/03 08:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/01 15:57:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/03 08:35:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SHANE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RAW8DY59.DEFAULT\EXTENSIONS\SM@SUBMITTER.NET.XPI
[2011/04/01 11:40:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SHANE\LOCAL SETTINGS\APPLICATION DATA\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
[2011/03/01 15:57:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/31 10:10:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/31 10:11:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/31 10:11:01 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/03/31 10:11:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/31 10:11:01 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/31 10:11:01 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/09 13:10:35 | 000,000,758 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Article Marketing Robot] C:\Program Files\Article Marketing Robot\Article Marketing Robot.exe ()
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 4474446062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Shane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/08 07:45:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 06:26:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
[2011/04/10 06:23:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/09 14:01:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Shane\Recent
[2011/04/09 13:40:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/05 13:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Halvar Information
[2011/04/03 10:45:30 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/04/03 10:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/04/03 10:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2011/04/02 16:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/02 16:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/02 16:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/02 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/02 12:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\Temporary Projects
[2011/04/02 12:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2011/04/02 12:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2011/04/02 11:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/04/02 07:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/04/01 13:37:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/04/01 11:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Start Menu\Programs\Windows Repair
[2011/04/01 11:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
[2011/03/29 11:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Local Settings\Application Data\MozSwing
[2011/03/29 11:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\SEO PowerSuite
[2011/03/28 19:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Desktop\Scrapebox Experiment
[2011/03/28 17:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\scrapebox2
[2011/03/17 19:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\EurekaLog
[2011/03/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Start Menu\Programs\Notepad++
[2011/03/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2011/03/14 16:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/03/14 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shane\Application Data\Notepad++

========== Files - Modified Within 30 Days ==========

[2011/04/10 06:26:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shane\Desktop\OTL.exe
[2011/04/10 06:25:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 06:25:08 | 003,559,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/10 06:24:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/10 06:22:16 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\FixSvc.bat
[2011/04/09 12:47:10 | 003,987,342 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\linkss.psd
[2011/04/05 16:16:56 | 000,461,972 | ---- | M] () -- C:\Documents and Settings\Shane\.spyglass.properties
[2011/04/05 13:24:25 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/05 13:17:28 | 000,536,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 13:17:28 | 000,106,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 11:13:01 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/04/03 19:09:15 | 000,001,366 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2011/04/03 10:44:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Sandboxed Web Browser.lnk
[2011/04/03 10:44:33 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/04/02 16:32:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 16:09:53 | 000,091,792 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\linking.jpg
[2011/04/02 11:20:35 | 000,000,980 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XSETTINGS.LXS
[2011/04/02 11:20:15 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XREG.LXS
[2011/04/02 11:07:29 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.arp
[2011/04/02 11:07:23 | 000,018,358 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default29743.blw
[2011/04/02 10:52:48 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\DEBUG.SEOLR
[2011/04/02 10:13:15 | 000,001,272 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XPROFILES.LXS
[2011/04/02 10:13:05 | 000,000,316 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.rss
[2011/04/02 09:57:13 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\default.soc
[2011/04/02 09:38:49 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Shane\My Documents\XPROXY.LXS
[2011/04/01 11:40:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bxifi.bin
[2011/04/01 09:25:09 | 067,103,834 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\PHP-LD-Scrape-Raw.sic
[2011/04/01 07:07:49 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/03/31 17:17:25 | 014,571,117 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\pun-bb-scrape-raw.sic
[2011/03/31 09:42:56 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 11:19:54 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\SEO SpyGlass.lnk
[2011/03/29 11:19:46 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\LinkAssistant.lnk
[2011/03/29 11:19:38 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\WebSite Auditor.lnk
[2011/03/29 11:19:29 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Rank Tracker.lnk
[2011/03/28 11:19:43 | 000,019,984 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\general_styles.css
[2011/03/28 10:57:26 | 000,009,081 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\styles.css
[2011/03/27 17:22:00 | 000,702,900 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\design.psd
[2011/03/20 16:57:18 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Article Marketing Robot.lnk
[2011/03/20 13:36:06 | 000,696,734 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\bloglinknetwork.psd
[2011/03/20 12:32:48 | 000,766,766 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Untitled-1.psd
[2011/03/19 18:34:52 | 069,982,610 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Copy of pun-bb-scrape-raw.sic
[2011/03/19 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SHANE-PC-Shane.job
[2011/03/15 09:25:38 | 000,266,922 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Equifax Personal Solutions - Credit Report™ - Printed Version.pdf
[2011/03/12 13:19:54 | 000,189,257 | ---- | M] () -- C:\WINDOWS\Submitter Uninstaller.exe
[2011/03/12 13:19:54 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Shane\Desktop\Submitter.lnk

========== Files Created - No Company Name ==========

[2011/04/10 06:22:16 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\FixSvc.bat
[2011/04/09 12:47:08 | 003,987,342 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\linkss.psd
[2011/04/09 12:29:40 | 000,120,556 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Ultratemplate_v1.0.0.sic
[2011/04/05 13:24:25 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/03 10:44:49 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Sandboxed Web Browser.lnk
[2011/04/03 10:44:49 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/04/03 10:44:46 | 000,001,366 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/04/02 16:24:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 11:43:43 | 000,091,792 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\linking.jpg
[2011/04/02 11:07:29 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.arp
[2011/04/02 10:28:23 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\DEBUG.SEOLR
[2011/04/02 10:15:20 | 000,018,358 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default29743.blw
[2011/04/02 09:57:31 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.rss
[2011/04/02 09:43:41 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\default.soc
[2011/04/02 09:39:13 | 000,001,272 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XPROFILES.LXS
[2011/04/02 09:39:10 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XSETTINGS.LXS
[2011/04/02 09:38:49 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XPROXY.LXS
[2011/04/02 07:38:15 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Shane\My Documents\XREG.LXS
[2011/04/01 11:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bxifi.bin
[2011/04/01 07:57:42 | 067,103,834 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\PHP-LD-Scrape-Raw.sic
[2011/03/31 11:32:58 | 069,982,610 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Copy of pun-bb-scrape-raw.sic
[2011/03/31 10:11:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/29 18:48:35 | 000,461,972 | ---- | C] () -- C:\Documents and Settings\Shane\.spyglass.properties
[2011/03/29 11:19:54 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\SEO SpyGlass.lnk
[2011/03/29 11:19:46 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\LinkAssistant.lnk
[2011/03/29 11:19:38 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\WebSite Auditor.lnk
[2011/03/29 11:19:29 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Rank Tracker.lnk
[2011/03/28 10:58:10 | 000,019,984 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\general_styles.css
[2011/03/28 10:57:26 | 000,009,081 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\styles.css
[2011/03/27 17:18:10 | 000,702,900 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\design.psd
[2011/03/20 13:36:05 | 000,696,734 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\bloglinknetwork.psd
[2011/03/20 12:32:46 | 000,766,766 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Untitled-1.psd
[2011/03/17 21:45:11 | 014,571,117 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\pun-bb-scrape-raw.sic
[2011/03/15 09:25:35 | 000,266,922 | ---- | C] () -- C:\Documents and Settings\Shane\Desktop\Equifax Personal Solutions - Credit Report™ - Printed Version.pdf
[2011/03/01 09:37:45 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/02/12 19:09:40 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/03 11:06:35 | 000,189,257 | ---- | C] () -- C:\WINDOWS\Submitter Uninstaller.exe
[2011/01/20 15:26:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/01/20 15:23:56 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/01/20 07:23:40 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/01/14 13:13:10 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Shane\Local Settings\Application Data\TheBestSpinner_Export.dat
[2011/01/10 08:25:51 | 000,277,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-1972579041-725345543-1003-0.dat
[2011/01/10 08:25:51 | 000,241,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/08 09:18:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/08 08:18:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/08 08:15:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 07:51:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/01/08 07:47:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/08 07:43:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/08 07:38:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/08 07:37:30 | 003,559,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/22 15:07:52 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2010/02/11 05:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 05:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/23 23:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,536,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,106,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/13 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/04/02 10:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/04/10 06:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Article Marketing Robot
[2011/03/08 15:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/04 17:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\CoreFTP
[2011/03/17 19:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\EurekaLog
[2011/04/09 06:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\FileZilla
[2011/04/09 08:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\IBP
[2011/03/14 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Notepad++
[2011/03/14 09:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Sick Marketing
[2011/02/28 15:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shane\Application Data\Spotify

========== Purity Check ==========



< End of report >
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Unread postby shane8960 » April 10th, 2011, 1:35 am

OTL Extras logfile created on: 10/04/2011 06:28:06 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Shane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 75.13 Gb Total Space | 53.30 Gb Free Space | 70.95% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 1.31 Gb Free Space | 68.13% Space Free | Partition Type: FAT
Drive E: | 390.62 Gb Total Space | 390.54 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 151.60 Gb Total Space | 147.41 Gb Free Space | 97.23% Space Free | Partition Type: NTFS
Drive Z: | 146.48 Gb Total Space | 118.60 Gb Free Space | 80.96% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe:*:Enabled:Apache HTTP Server


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel(R) Network Connections 15.8.76.0
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{36E757F7-53A7-476D-A4A6-B9412D577CC1}" = Article Marketing Robot
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"FileZilla Client" = FileZilla Client 3.3.5.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IBP11_is1" = IBP 11.7.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"RealVNC_is1" = VNC Free Edition 4.1.3
"Sandboxie" = Sandboxie 3.54 (32-bit)
"seopowersuite" = Rank Tracker
"Spotify" = Spotify
"Submitter" = Submitter
"TheBestSpinner" = TheBestSpinner
"VLC media player" = VLC media player 1.1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'views', because it does not exist or you do
not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'tables', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'objects', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_sql_modules', because it does not exist
or you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_parameters', because it does not exist
or you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_columns', because it does not exist or
you do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_views', because it does not exist or you
do not have permission.

Error - 02/04/2011 07:15:08 | Computer Name = SHANE-PC | Source = MSSQL$SQLEXPRESS | ID = 15151
Description = Cannot find the object 'all_objects', because it does not exist or
you do not have permission.

Error - 02/04/2011 09:31:47 | Computer Name = SHANE-PC | Source = Application Error | ID = 1000
Description = Faulting application sickrun.exe, version 3.3.6.1, faulting module
vgx.dll, version 8.0.6001.18702, fault address 0x0003ffa0.

Error - 05/04/2011 02:12:04 | Computer Name = SHANE-PC | Source = Application Hang | ID = 1002
Description = Hanging application Submitter.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 05/04/2011 06:21:09 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 09/04/2011 06:47:07 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 09/04/2011 07:00:07 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 09/04/2011 07:03:42 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 09/04/2011 11:36:59 | Computer Name = SHANE-PC | Source = DCOM | ID = 10010
Description = The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register
with DCOM within the required timeout.

Error - 10/04/2011 01:23:12 | Computer Name = SHANE-PC | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/04/2011 01:23:13 | Computer Name = SHANE-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 10/04/2011 01:23:13 | Computer Name = SHANE-PC | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/04/2011 01:23:13 | Computer Name = SHANE-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet Monitoring Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/04/2011 01:23:13 | Computer Name = SHANE-PC | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Unread postby shane8960 » April 10th, 2011, 1:36 am

Thanks, have done all of that.

Browser is still being redirected though :(
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Unread postby askey127 » April 10th, 2011, 7:59 am

shane8960
I'm taking your word on the proxy stuff here.
Even after we fix the problem, you will still have a few redirects until the DNS cache is flushed.
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • List IP configuration
Click GO and post the result (Result.txt).
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    [2011/04/01 11:40:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SHANE\LOCAL SETTINGS\APPLICATION DATA\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
    
    
    :Files
    C:\DOCUMENTS AND SETTINGS\SHANE\LOCAL SETTINGS\APPLICATION DATA\{A70A3FED-9E30-40DF-B91B-FA81679F3EA3}
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
------------------------------------------------
Side Note:
If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one that you chose.
If the default password is retained, a remote attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
(This is not the password you may need to connect to your wireless network. It's the one you have to type in to the setup screen WHEN YOU SET UP the ROUTER.)
In case the router has been hacked, other machines connected to the same router will see the same type of redirect symptoms.
If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.
You may need Tech Help from your Internet Provider, or the original instructions, to make sure this is correct.
Is this something you can do?

Let me know how it goes.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Problem After Malware

Unread postby shane8960 » April 11th, 2011, 1:54 am

It looks like this may have fixed it! The router is fine (had already checked that).

Thanks for your help - saved me no end of time! Was going to do a full reinstall - fingers crossed it's all clear now.

Shane
shane8960
Active Member
 
Posts: 7
Joined: April 7th, 2011, 2:16 am

Re: Redirect Problem After Malware

Unread postby askey127 » April 11th, 2011, 7:01 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA