Browser hijacked to searchqu by Virus

Post by esbark » May 14th, 2011, 10:50 am

Hello,
Could you please assist me to remove the virus which redirects my Firefox homepage to searchqu, which is apparently some form of search engine. I was using uTorrent when this virus came down. I have now removed that software and will not use it again. A program iLivid (Bandoo Media Inc) also came down and refuses to be uninstalled.

Here are my DDS files:

Many Thanks

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Eric at 15:32:48.72 on 14/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.1307 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Eric\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: WiseCleaner Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: WiseCleaner Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAVolume = 1 (0x1)
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send to &Bluetooth Device... - C:\Program Files (x86)\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\TalkTalk\DigitalHome r59\npDigitalHome59.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe [2011-3-26 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE [2011-3-26 2324848]
R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-4-14 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 947528]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-2 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]
.
=============== Created Last 30 ================
.
2011-05-13 22:59:34 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-05-13 22:45:47 388096 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-13 22:45:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-13 22:07:38 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2011-05-13 22:07:30 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-13 22:07:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-11 17:22:59 -------- d-----w- C:\Users\Eric\AppData\Local\Ilivid Player
2011-05-11 17:22:55 -------- d--h--w- C:\PROGRA~3\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
2011-05-11 17:22:42 -------- d-----w- C:\Program Files (x86)\iLivid
2011-05-11 17:22:08 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-11 16:54:46 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 16:54:43 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:54:42 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 16:54:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 16:54:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 16:54:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 16:54:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 16:54:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:54:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 16:29:16 -------- d-----w- C:\Users\Eric\AppData\Roaming\TalkTalk
2011-05-07 08:24:23 -------- d-----w- C:\Users\Eric\AppData\Local\AVG Security Toolbar
2011-05-03 17:28:57 -------- d-----w- C:\Program Files\iPod
2011-05-03 17:28:56 -------- d-----w- C:\Program Files\iTunes
2011-05-03 17:28:56 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-03 17:26:00 -------- d-----w- C:\Program Files\Bonjour
2011-05-03 17:26:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-03 15:41:37 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-05-03 15:41:37 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-05-03 15:41:37 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-05-03 15:41:36 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-05-03 15:41:36 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-05-03 15:41:36 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-05-03 15:41:36 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-05-03 15:41:36 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-05-03 15:41:35 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-05-03 15:41:35 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-05-03 15:41:35 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-27 14:49:07 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 14:49:07 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 14:49:05 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 14:49:05 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-23 18:11:37 -------- d-----w- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
2011-04-23 18:11:24 -------- d-----w- C:\Program Files (x86)\FILEminimizer Pictures
2011-04-20 12:25:55 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 20:52:08 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-14 20:52:08 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-14 20:52:07 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-14 20:52:07 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-14 20:52:06 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-14 20:52:05 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-14 20:52:03 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-04-14 20:52:03 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-04-14 20:52:01 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-04-14 20:52:00 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-14 20:52:00 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-14 20:51:59 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-14 20:51:58 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-04-14 20:51:58 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-04-14 20:51:58 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-04-14 20:51:58 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-04-14 20:51:07 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-14 20:51:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-14 20:51:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-14 20:51:03 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-14 20:51:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-14 20:50:58 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-04-14 20:50:57 605552 ----a-w- C:\Windows\System32\winload.exe
2011-04-14 20:50:56 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-04-14 20:50:56 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-04-14 20:50:55 642944 ----a-w- C:\Windows\System32\winload.efi
2011-04-14 20:50:55 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-04-14 20:50:55 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-04-14 20:50:24 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-04-14 20:50:21 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-14 20:50:21 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-14 20:50:21 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-14 20:50:21 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-14 20:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-04-04 23:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 20:11:33 351 ----a-w- C:\DelUS.bat
2011-03-16 15:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-02 10:19:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-02 10:19:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-01 13:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-02-22 07:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 15:34:11.12 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2011 21:52:11
System Uptime: 14/05/2011 14:47:11 (1 hours ago)
.
Motherboard: Acer | | FMCP7A-ION
Processor: Intel(R) Atom(TM) CPU 230 @ 1.60GHz | Intel | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 17.603 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 3.686 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 518.407 GiB free.
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E008105B&REV_01\4&D4B90D&0&00B0
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E008105B&REV_01\4&D4B90D&0&00B0
Service: athr
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&1
Service:
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_02221025&REV_B1\3&267A616A&0&1D
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0AA3&SUBSYS_02221025&REV_B1\3&267A616A&0&1D
Service:
.
==== System Restore Points ===================
.
RP96: 12/05/2011 10:44:29 - Installed Memory-Map OS Edition Version 5
RP97: 13/05/2011 23:17:29 - Restore Operation
RP98: 13/05/2011 23:44:53 - Installed HiJackThis
RP167: 14/05/2011 11:03:44 - Windows Update
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.0.1)
Adobe Stock Photos 1.0
Analog Clock
ANWIDA Soft DX Reverb 2.0 DEMO
ANWIDA Soft DX Reverb Light 2.0
Apple Application Support
Apple Software Update
Ask Toolbar
Audacity 1.3.12 (Unicode)
Canon MP Navigator EX 2.0
Canon MP540 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Conduit Engine
Dropbox
EasyBCD 2.0
FILEminimizer Pictures
FontFrenzy 1.51
FreeCommander 2009.02b
Gadwin PrintScreen
GFI Backup 2009 - Home Edition
Google Chrome
Google Earth
Google Gmail Notifier
Google Update Helper
HiJackThis
iLivid
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.3 for Audacity
LG Bluetooth Drivers
LG Internet Kit
LG PC Suite IV
LG United Mobile Drivers
LG USB Modem Drivers
LibreOffice 3.3
Memory-Map Navigator
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-GB)
Mozilla Thunderbird (3.1.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PathAway GPS 5 for Windows Mobile
QuickTime
Samplitude 11 Silver
SatSYNC
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SIW version 2010.07.14
TalkTalk Browser Plug-in
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
uTorrentBar Toolbar
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.8
Windows iLivid Toolbar
Wise Registry Cleaner 5.9.4
.
==== Event Viewer Messages From Past Week ========
.
14/05/2011 14:48:14, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
13/05/2011 23:19:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WcesComm service.
12/05/2011 06:20:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/05/2011 03:21:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/05/2011 11:33:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
.
==== End Of File ===========================
esbark
Active Member
Posts: 8
Joined: May 14th, 2011, 6:39 am
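An added example, not part of the original post or of the DDS tool: a small Python scanner that runs over a handful of the Pseudo HJT and FIREFOX lines from the log above and flags the hijack indicators a helper looks for (AppInit_DLLs injection, UAC switched off, Firefox navigation prefs pointing at an unexpected host, orphaned toolbar registrations, and autostart entries belonging to the bundled toolbar components). The marker list, the expected-host list and the severities are assumptions made for the example.

```python
"""Flag browser-hijack indicators in DDS 'Pseudo HJT Report' / FIREFOX lines."""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
"""

# Assumed list for this example: substrings naming the bundled toolbar components seen in this log.
PUP_MARKERS = ("datamngr", "utorrentbar", "conduit", "mediabar", "ask.com", "searchqu")
# The Firefox prefs that decide where the browser goes; a hijacker rewrites exactly these.
NAVIGATION_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")
# Assumed for the example: hosts a clean profile legitimately points these prefs at.
EXPECTED_HOSTS = ("mozilla.com", "mozilla.org", "google.com")


def url_host(defanged):
    """DDS defangs links as hxxp://; re-arm the scheme only so urlparse can read the host."""
    url = re.sub(r"^hxxp", "http", defanged, flags=re.I)
    return (urlparse(url).hostname or "").lower()


def scan_dds(text):
    """Return a list of (severity, finding) tuples for the DDS lines in text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # 1. AppInit_DLLs loads the listed DLLs into every process that links user32.
        m = re.match(r"AppInit_DLLs(-X64)?:\s*(.+)", line)
        if m:
            findings.append(("high", f"AppInit_DLLs injection: {m.group(2)}"))
            continue
        # 2. EnableLUA = 0 means UAC is off, so bundled installers run without a prompt.
        m = re.match(r"[um]Policies-system:\s*EnableLUA\s*=\s*(\d+)", line)
        if m and m.group(1) == "0":
            findings.append(("high", "UAC disabled (EnableLUA = 0)"))
            continue
        # 3. Firefox navigation prefs pointing at a host outside the expected list.
        m = re.match(r"FF - prefs\.js:\s*(\S+)\s*-\s*(hxxp\S*)", line)
        if m and m.group(1) in NAVIGATION_PREFS:
            host = url_host(m.group(2))
            if not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                findings.append(("high", f"Firefox {m.group(1)} redirected to {host}"))
            continue
        # 4. Orphaned toolbar/BHO registrations left behind by an incomplete uninstall.
        if re.match(r"(TB|BHO(-X64)?):.*- No File$", line):
            findings.append(("low", f"orphaned entry: {line}"))
            continue
        # 5. Autostart, BHO and search-hook entries that belong to the bundled toolbars.
        if re.match(r"([um]URLSearchHooks|BHO(-X64)?|TB|[um]Run(-x64)?):", line):
            if any(marker in low for marker in PUP_MARKERS):
                findings.append(("medium", f"bundled toolbar component: {line}"))
    return findings


def severity_counts(findings):
    """Tally findings by severity, e.g. {'high': 4, 'medium': 3, 'low': 1}."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, finding in scan_dds(SAMPLE_DDS):
        print(f"[{severity:6}] {finding}")
```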

Re: Browser hijacked to searchqu by Virus

Post by askey127 » May 16th, 2011, 6:56 am

Looking at your log.
Be back soon.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser hijacked to searchqu by Virus

Post by askey127 » May 16th, 2011, 7:12 am

Hi esbark,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program utorrent toolbar in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

Please do each step as shown before proceeding to the next. Please don't scan, install, or delete anything else unless I ask, until we are through cleaning.
I would print this out first, to be sure you are doing everything in the correct sequence. Don't Guess.

We are going to remove your AVG 2011 antivirus and replace it with an antivirus called Avira Antivir.
This will also remove the "Security" toolbar, which is related to ask.com.
This is necessary for our tools to work correctly.

Then we will run scans from Antivir and a program called OTL, and get their reports.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove AVG Antivirus and Other Programs Using the Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, choose Uninstall/Change, and give permission to Continue:

AVG 2011
Ask Toolbar
uTorrentBar Toolbar
Wise Registry Cleaner 5.9.4

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Install Antivir Immediately
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    Since you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You will likely find using separate replies for each of the logs easier to post.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

So we are anticipating the contents of the Antivir log, the contents of OTL.txt and Extras.txt

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser hijacked to searchqu by Virus

Unread postby esbark » May 16th, 2011, 2:47 pm

Thank you askey127 for the very detailed instructions.

Everything went fine, when I began the installation of Avira the program warned me to close down Windows defender to prevent a conflict, so I did.

The rest of the instructions caused no problems, but OTL only created one file (no Extras.txt), so I ran it again with the same results.
I had a copy of DDS on my computer so I ran that. That too only created one file.
I enclose the three files which I have created.



Avira AntiVir Personal
Report file date: 16 May 2011 15:50

Scanning for 2739162 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Eric
Computer name : ERIC-PC

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 01/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 01/04/2011 16:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2011 16:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 01/04/2011 16:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 15:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 15:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 14:39:02
VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 14:39:03
VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 14:39:03
VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 14:39:03
VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 14:39:03
VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 14:39:03
VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 14:39:03
VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 14:39:03
VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 14:39:03
VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 14:39:04
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 14:39:12
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 14:39:18
VBASE015.VDF : 7.11.6.113 137728 Bytes 14/04/2011 14:39:22
VBASE016.VDF : 7.11.6.150 146944 Bytes 18/04/2011 14:39:28
VBASE017.VDF : 7.11.6.192 138240 Bytes 20/04/2011 14:39:31
VBASE018.VDF : 7.11.6.237 156160 Bytes 22/04/2011 14:39:36
VBASE019.VDF : 7.11.7.45 427520 Bytes 27/04/2011 14:39:53
VBASE020.VDF : 7.11.7.64 192000 Bytes 28/04/2011 14:39:58
VBASE021.VDF : 7.11.7.97 182272 Bytes 02/05/2011 14:40:09
VBASE022.VDF : 7.11.7.127 467968 Bytes 04/05/2011 14:40:23
VBASE023.VDF : 7.11.7.183 185856 Bytes 09/05/2011 14:40:32
VBASE024.VDF : 7.11.7.218 133120 Bytes 11/05/2011 14:40:37
VBASE025.VDF : 7.11.7.234 139776 Bytes 11/05/2011 14:40:41
VBASE026.VDF : 7.11.8.16 147456 Bytes 13/05/2011 14:40:45
VBASE027.VDF : 7.11.8.17 2048 Bytes 13/05/2011 14:40:45
VBASE028.VDF : 7.11.8.18 2048 Bytes 13/05/2011 14:40:45
VBASE029.VDF : 7.11.8.19 2048 Bytes 13/05/2011 14:40:46
VBASE030.VDF : 7.11.8.20 2048 Bytes 13/05/2011 14:40:49
VBASE031.VDF : 7.11.8.31 110592 Bytes 16/05/2011 14:40:52
Engineversion : 8.2.4.236
AEVDF.DLL : 8.1.2.1 106868 Bytes 28/03/2011 15:15:27
AESCRIPT.DLL : 8.1.3.63 1601915 Bytes 16/05/2011 14:42:40
AESCN.DLL : 8.1.7.2 127349 Bytes 28/03/2011 15:15:27
AESBX.DLL : 8.1.3.2 254324 Bytes 28/03/2011 15:15:26
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 11:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 16/05/2011 14:42:26
AEOFFICE.DLL : 8.1.1.22 205178 Bytes 16/05/2011 14:42:11
AEHEUR.DLL : 8.1.2.118 3469687 Bytes 16/05/2011 14:42:05
AEHELP.DLL : 8.1.16.1 246134 Bytes 28/03/2011 15:15:20
AEGEN.DLL : 8.1.5.5 401780 Bytes 16/05/2011 14:41:08
AEEMU.DLL : 8.1.3.0 393589 Bytes 28/03/2011 15:15:19
AECORE.DLL : 8.1.20.4 196983 Bytes 16/05/2011 14:41:02
AEBB.DLL : 8.1.1.0 53618 Bytes 28/03/2011 15:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 28/03/2011 15:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 01/04/2011 16:07:42
AVREP.DLL : 10.0.0.9 174120 Bytes 16/05/2011 14:42:42
AVREG.DLL : 10.0.3.2 53096 Bytes 01/04/2011 16:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 01/04/2011 16:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 01/04/2011 16:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 01/04/2011 16:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 28/03/2011 15:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 28/03/2011 15:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 01/04/2011 16:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 28/03/2011 15:15:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 16 May 2011 15:50

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\5
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows CE Services\symboliclinkvalue
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '114' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'datamngrUI.exe' - '47' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'Dropbox.exe' - '68' Module(s) have been scanned
Scan process 'TomTomHOMERunner.exe' - '34' Module(s) have been scanned
Scan process 'PrintScreen.exe' - '34' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '12' Module(s) have been scanned
Scan process 'GFIHSC~1.EXE' - '26' Module(s) have been scanned
Scan process 'GFIHInst.exe' - '21' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1370' files ).


Starting the file scan:

Begin scan in 'C:\' <Corsair 60G>
Begin scan in 'D:\' <Vertex 30G>
D:\Users\Eric\AppData\Local\Mozilla\SeaMonkey\Profiles\rq987n7b.default\Cache\5138EB05d01
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
D:\Users\Eric\AppData\Local\Opera\Opera\temporary_downloads\Opera_1101_int_Setup.exe
[WARNING] The file could not be read!
Begin scan in 'G:\' <1 Terabyte>
G:\Backup Of 100 Gig Drive\Earlier Vertex Backup\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26NERKV5\Firefox%20Setup%203.5.7[1].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
G:\Backup Of 100 Gig Drive\Earlier Vertex Backup\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTC9ZMTY\Firefox%20Setup%203.5.7[2].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!


End of the scan: 16 May 2011 18:21
Used time: 2:30:32 Hour(s)

The scan has been done completely.

59090 Scanned directories
1401310 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1401310 Files not concerned
19793 Archives were scanned
7 Warnings
3 Notes
409196 Objects were scanned with rootkit scan
3 Hidden objects were found

OTL logfile created on: 16/05/2011 19:25:39 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 18.34 Gb Free Space | 32.82% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 4.00 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 518.41 Gb Free Space | 55.65% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/05/03 21:22:21 | 012,594,352 | ---- | M] (Mozilla Messaging) -- D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/21 18:13:26 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011/04/21 18:13:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 13:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/11/20 13:18:27 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/10/07 00:36:08 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcp71.dll
MOD - [2010/10/07 00:36:00 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MOD - [2008/03/04 01:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 21:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/06/07 17:34:12 | 000,063,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 9C D1 F9 B8 CB CB 01 [binary data]
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/04/21 18:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/03 21:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/27 13:48:59 | 000,000,000 | ---D | M]

[2011/05/11 18:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/01/05 23:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/06 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/05/16 15:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions
[2011/01/07 10:03:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/21 20:06:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/21 20:06:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\engine@conduit.com
[2011/02/24 22:56:15 | 000,002,569 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\askcom.xml
[2011/03/21 16:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\conduit.xml
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\iMeshWebSearch.xml
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\SearchquWebSearch.xml
[2011/04/05 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 10:00:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/25 17:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011/05/16 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/16 15:36:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/16 15:36:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/14 13:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/13 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/13 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/05/13 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 23:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/11 18:22:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Ilivid Player
[2011/05/11 18:22:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
[2011/05/11 18:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011/05/11 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/11 17:54:46 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 17:54:43 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 17:54:42 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/11 17:54:36 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 17:54:35 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/11 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/05/03 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 18:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/03 16:41:37 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/05/03 16:41:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/05/03 16:41:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/05/03 16:41:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/05/03 16:41:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/05/03 16:41:35 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/05/03 16:41:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 15:49:07 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 15:49:07 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 15:49:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 15:49:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 15:48:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 15:48:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Justin Guitar
[2011/04/23 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/04/23 19:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2011/04/23 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILEminimizer Pictures
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 19:10:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 18:47:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000UA.job
[2011/05/16 15:37:38 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:37:38 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 15:36:22 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:34:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/16 15:34:46 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/16 15:34:46 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/16 15:30:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 15:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/16 15:30:14 | 2213,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 15:21:34 | 052,676,424 | ---- | M] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000Core.job
[2011/05/15 16:36:35 | 000,002,179 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/05/14 16:48:09 | 000,002,407 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/14 11:31:46 | 000,625,664 | ---- | M] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/13 23:45:47 | 000,002,971 | ---- | M] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/05/03 18:29:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:23 | 000,000,752 | ---- | M] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | M] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 15:36:22 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:22:02 | 052,676,424 | ---- | C] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/14 15:31:53 | 000,625,664 | ---- | C] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/13 23:45:47 | 000,002,971 | ---- | C] () -- C:\Users\Eric\Desktop\HiJackThis.lnk
[2011/05/03 18:29:28 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/25 07:59:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:37 | 000,000,752 | ---- | C] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | C] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/03/14 18:15:53 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/17 18:23:49 | 000,004,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 12:59:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/02/14 12:59:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/01/10 15:04:29 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/01/06 10:57:14 | 000,000,079 | ---- | C] () -- C:\Users\Eric\AppData\Local\CrystalDiskMark30.ini
[2011/01/05 23:05:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011/04/26 22:46:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/03/02 09:48:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2011/01/10 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2011/01/10 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CheckPoint
[2011/05/16 15:30:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2011/04/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/05/13 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FreeCommander
[2011/02/25 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/02/10 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011/04/12 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/02/14 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ML
[2011/01/06 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011/01/06 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2011/01/06 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Satmap
[2011/05/13 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/01/05 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011/01/06 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TomTom
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\My Backup(5) xml.job
[2011/04/20 18:44:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0FD841FF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Eric at 19:32:12.00 on 16/05/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.1296 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eric\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAVolume = 1 (0x1)
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send to &Bluetooth Device... - C:\Program Files (x86)\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\TalkTalk\DigitalHome r59\npDigitalHome59.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-16 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-16 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-5-16 83120]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHInst.exe [2011-3-26 858480]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIHSC~1.EXE [2011-3-26 2324848]
R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-6 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-2 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-2 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]
.
=============== Created Last 30 ================
.
2011-05-16 14:45:33 -------- d-----w- C:\Users\Eric\AppData\Roaming\Avira
2011-05-16 14:36:16 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-16 14:36:14 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-16 14:36:14 -------- d-----w- C:\PROGRA~3\Avira
2011-05-13 22:59:34 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
2011-05-13 22:45:47 388096 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-13 22:45:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-13 22:07:38 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2011-05-13 22:07:30 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-13 22:07:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-11 17:22:59 -------- d-----w- C:\Users\Eric\AppData\Local\Ilivid Player
2011-05-11 17:22:55 -------- d--h--w- C:\PROGRA~3\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
2011-05-11 17:22:42 -------- d-----w- C:\Program Files (x86)\iLivid
2011-05-11 17:22:08 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2011-05-11 16:54:46 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 16:54:43 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 16:54:42 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 16:54:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 16:54:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 16:54:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 16:54:35 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 16:54:35 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 16:54:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 16:29:16 -------- d-----w- C:\Users\Eric\AppData\Roaming\TalkTalk
2011-05-03 17:28:57 -------- d-----w- C:\Program Files\iPod
2011-05-03 17:28:56 -------- d-----w- C:\Program Files\iTunes
2011-05-03 17:28:56 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-03 17:26:00 -------- d-----w- C:\Program Files\Bonjour
2011-05-03 17:26:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-03 15:41:37 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-05-03 15:41:37 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-05-03 15:41:37 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-05-03 15:41:36 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-05-03 15:41:36 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-05-03 15:41:36 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-05-03 15:41:36 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-05-03 15:41:36 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-05-03 15:41:35 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-05-03 15:41:35 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-05-03 15:41:35 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-04-27 14:49:07 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 14:49:07 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 14:49:05 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 14:49:05 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-27 14:48:37 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-23 18:11:37 -------- d-----w- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
2011-04-23 18:11:24 -------- d-----w- C:\Program Files (x86)\FILEminimizer Pictures
2011-04-20 12:25:55 159080 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
.
==================== Find3M ====================
.
2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-16 20:11:33 351 ----a-w- C:\DelUS.bat
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 10:19:28 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-02 10:19:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 19:33:05.13 ===============
esbark
Active Member
 
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hyjacked to searchqu by Virus

Unread postby askey127 » May 16th, 2011, 3:33 pm

esbark,
That's OK. Good job.
The files that didn't show up are only available the very first time that DDS or OTL are run.
I think there is enough info without them.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *ilivid*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *ilivid*
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
This set of searches could take a while. Please be patient.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser hyjacked to searchqu by Virus

Post by esbark » May 17th, 2011, 10:12 am

Thank you askey127

Here is my log


SystemLook 04.09.10 by jpshortstuff
Log created at 15:05 on 17/05/2011 by Eric
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\bandoocode.js --a---- 24210 bytes [13:32 02/03/2011] [13:32 02/03/2011] E2B3734A723FB575F4168B48552793BE
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib\bandoocode.js --a---- 30447 bytes [13:32 02/03/2011] [13:32 02/03/2011] B545B9C9A08D35D01C1A645A01B3C33D
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll --a---- 424848 bytes [13:32 02/03/2011] [13:32 02/03/2011] 4341DAF80A4C03D2119770CA27FD4997
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF7VX291\SetupDataMngr_Searchqu[1].exe --a---- 2596544 bytes [17:22 11/05/2011] [17:22 11/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\Users\Eric\AppData\Local\Temp\searchqu.ini --a---- 413 bytes [17:22 11/05/2011] [17:22 11/05/2011] 73B0134C69170F1B98EC774FCA2DB76B
C:\Users\Eric\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1
C:\Users\Eric\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 2596544 bytes [17:22 11/05/2011] [17:22 11/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@searchqu[2].txt --a---- 526 bytes [22:33 13/05/2011] [22:33 13/05/2011] 1ABCB522065BAF71AFC2180EFB5DDF2D
C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [17:22 11/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89

Searching for "*ilivid*"
C:\$Recycle.Bin\S-1-5-21-2885442965-1332903562-2435886763-1000\$RIQJLI8\iLivid Download Manager.lnk --a---- 984 bytes [17:22 11/05/2011] [17:22 11/05/2011] 64054E85F6DDE83C2EC915034EFBFCE8
C:\Program Files (x86)\iLivid\ilivid.exe --a---- 1789440 bytes [17:22 11/05/2011] [15:10 03/05/2011] AC40C69102F9DADB6F3CA841985B6A2E
C:\Program Files (x86)\iLivid\ilivid.ico --a---- 9662 bytes [17:22 11/05/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe --a--c- 3005036 bytes [17:22 11/05/2011] [11:57 08/05/2011] BF1193F912EE55464DB50FC63AE6FF2F
C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.lnk --a--c- 0 bytes [17:22 11/05/2011] [17:22 11/05/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.msi --a--c- 265728 bytes [17:22 11/05/2011] [11:57 08/05/2011] 5027A2E777C8D349F6B14080A4D68EFA
C:\Users\All Users\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe --a--c- 3005036 bytes [17:22 11/05/2011] [11:57 08/05/2011] BF1193F912EE55464DB50FC63AE6FF2F
C:\Users\All Users\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.lnk --a--c- 0 bytes [17:22 11/05/2011] [17:22 11/05/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.msi --a--c- 265728 bytes [17:22 11/05/2011] [11:57 08/05/2011] 5027A2E777C8D349F6B14080A4D68EFA
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY3UZ5GU\ilivid[1].7z --a---- 725651 bytes [17:22 11/05/2011] [17:22 11/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\Users\Eric\AppData\Local\Temp\ilivid.7z --a---- 725651 bytes [17:22 11/05/2011] [17:22 11/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\Users\Eric\Downloads\iLividSetupV1(1).exe --a---- 2010888 bytes [17:21 11/05/2011] [17:21 11/05/2011] A16A99C76A966AC4576137FA6BB02BDE
C:\Users\Eric\Downloads\iLividSetupV1.exe --a---- 2010888 bytes [17:21 11/05/2011] [17:21 11/05/2011] A16A99C76A966AC4576137FA6BB02BDE

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Eric\AppData\LocalLow\searchquband d------ [21:34 12/05/2011]
C:\Users\Eric\AppData\LocalLow\searchqutoolbar d------ [17:22 11/05/2011]
C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchqutoolbar d------ [17:22 11/05/2011]

Searching for "*ilivid*"
C:\Program Files (x86)\iLivid d------ [17:22 11/05/2011]
C:\Program Files (x86)\Windows iLivid Toolbar d------ [17:22 11/05/2011]
C:\Users\Eric\AppData\Local\Ilivid Player d------ [17:22 11/05/2011]

-= EOF =-
esbark
Active Member
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hyjacked to searchqu by Virus

Post by askey127 » May 17th, 2011, 10:45 am

esbark,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :Files
    C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\SearchquWebSearch.xml
    C:\Program Files (x86)\iLivid
    C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
    C:\Users\All Users\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}
    C:\Users\Eric\Downloads\iLividSetupV1(1).exe
    C:\Users\Eric\Downloads\iLividSetupV1.exe
    C:\Users\Eric\AppData\LocalLow\searchquband
    C:\Users\Eric\AppData\LocalLow\searchqutoolbar
    C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchqutoolbar
    C:\Users\Eric\AppData\Local\Ilivid Player
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
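An added example (not part of this thread, and not SystemLook's or OTL's own code): a Python parser for the SystemLook log format posted above that groups hits by MD5 so duplicate copies stand out, collapses the C:\Users\All Users junction onto C:\ProgramData, and reduces the remaining hits to the kind of :Files list the OTL fix above uses. The sample lines are copied from the log in this thread; the junction mapping, the temp-location rule and the :Files rendering are the example's own assumptions.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\searchquband.dll --a---- 424848 bytes [13:32 02/03/2011] [13:32 02/03/2011] 4341DAF80A4C03D2119770CA27FD4997
C:\Users\Eric\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 2596544 bytes [17:22 11/05/2011] [17:22 11/05/2011] 52C355E4323A707A1FA1FFAEBD9D4DDD
C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [17:22 11/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89

Searching for "*ilivid*"
C:\Program Files (x86)\iLivid\ilivid.exe --a---- 1789440 bytes [17:22 11/05/2011] [15:10 03/05/2011] AC40C69102F9DADB6F3CA841985B6A2E
C:\ProgramData\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe --a--c- 3005036 bytes [17:22 11/05/2011] [11:57 08/05/2011] BF1193F912EE55464DB50FC63AE6FF2F
C:\Users\All Users\{F01C14AE-F9C0-49DB-A28C-4C24EE6762FE}\iLividSetupV1.exe --a--c- 3005036 bytes [17:22 11/05/2011] [11:57 08/05/2011] BF1193F912EE55464DB50FC63AE6FF2F
C:\Users\Eric\Downloads\iLividSetupV1(1).exe --a---- 2010888 bytes [17:21 11/05/2011] [17:21 11/05/2011] A16A99C76A966AC4576137FA6BB02BDE
C:\Users\Eric\Downloads\iLividSetupV1.exe --a---- 2010888 bytes [17:21 11/05/2011] [17:21 11/05/2011] A16A99C76A966AC4576137FA6BB02BDE

========== folderfind ==========

Searching for "*Searchqu*"
C:\Users\Eric\AppData\LocalLow\searchquband d------ [21:34 12/05/2011]

Searching for "*ilivid*"
C:\Program Files (x86)\iLivid d------ [17:22 11/05/2011]
C:\Program Files (x86)\Windows iLivid Toolbar d------ [17:22 11/05/2011]

-= EOF =-
"""
FILE_RE = re.compile(r"^(?P<path>.+?) [-a-z]{7} \d+ bytes "
                     r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-F]{32})$")
FOLDER_RE = re.compile(r"^(?P<path>.+?) d[-a-z]{6} \[[^\]]+\]$")
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
PATTERN_RE = re.compile(r'^Searching for "(.+)"$')
# Assumption of this example: C:\Users\All Users is the Vista/7 junction onto
# C:\ProgramData, which is why both paths in the log carry the same MD5.
ALIASES = {"C:\\Users\\All Users": "C:\\ProgramData"}
# Temp locations, assumed to be handled by the temp cleanup step rather than :Files.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\",
                "\\$recycle.bin\\")
Hit = namedtuple("Hit", "kind pattern path md5", defaults=(None,))

def parse_systemlook(text):
    """Parse SystemLook filefind/folderfind output into Hit records."""
    hits, section, pattern = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := PATTERN_RE.match(line):
            pattern = m.group(1)
        elif section == "filefind" and (m := FILE_RE.match(line)):
            hits.append(Hit("file", pattern, m["path"], m["md5"]))
        elif section == "folderfind" and (m := FOLDER_RE.match(line)):
            hits.append(Hit("folder", pattern, m["path"]))
    return hits

def canonical(path):
    """Map a junction alias onto its target so one file is counted once."""
    for alias, target in ALIASES.items():
        if path.lower().startswith(alias.lower() + "\\"):
            return target + path[len(alias):]
    return path

def is_under(path, folder):
    return path.lower().startswith(folder.lower().rstrip("\\") + "\\")

def duplicate_hashes(hits):
    """MD5 -> distinct locations, for hashes that occur more than once."""
    groups = defaultdict(set)
    for h in hits:
        if h.kind == "file":
            groups[h.md5].add(canonical(h.path))
    return {md5: sorted(p) for md5, p in groups.items() if len(p) > 1}

def build_fix_list(hits):
    """Reduce the hits to an OTL :Files list: found folders plus files not
    already inside one; temp-location hits are reported separately."""
    folders = sorted({canonical(h.path) for h in hits if h.kind == "folder"})
    remove, covered, temp = set(folders), [], []
    for h in hits:
        if h.kind != "file":
            continue
        path = canonical(h.path)
        if any(is_under(path, f) for f in folders):
            covered.append(path)
        elif any(marker in path.lower() for marker in TEMP_MARKERS):
            temp.append(path)
        else:
            remove.add(path)
    return {"remove": sorted(remove), "covered": covered, "temp": temp}

def format_otl_files(plan):
    """Render the removal set in the :Files syntax used by the fix above."""
    return ":Files\n" + "\n".join(plan["remove"]) + "\n\n:Commands\n[EMPTYTEMP]\n"

if __name__ == "__main__":
    hits = parse_systemlook(SAMPLE_LOG)
    print(format_otl_files(build_fix_list(hits)))
```

Run as a script it prints the reduced :Files block; the two Downloads copies share a hash, while the ProgramData and All Users entries collapse to one file.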

Re: Browser hyjacked to searchqu by Virus

Post by esbark » May 17th, 2011, 11:35 am

Askey127

Here is my log. I ticked the scan all users, lop, and purity check as before.

OTL logfile created on: 17/05/2011 16:26:29 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 18.76 Gb Free Space | 33.56% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 3.98 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 518.41 Gb Free Space | 55.65% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 13:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 21:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/06/07 17:34:12 | 000,063,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 9C D1 F9 B8 CB CB 01 [binary data]
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/04/21 18:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/03 21:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/27 13:48:59 | 000,000,000 | ---D | M]

[2011/05/11 18:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/01/05 23:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/06 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/05/16 15:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions
[2011/01/07 10:03:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/21 20:06:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/21 20:06:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\engine@conduit.com
[2011/02/24 22:56:15 | 000,002,569 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\askcom.xml
[2011/03/21 16:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\conduit.xml
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\iMeshWebSearch.xml
[2011/04/05 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 10:00:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/25 17:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWZTWYKJ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 16:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 19:56:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Virus Scanning Results 1
[2011/05/16 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011/05/16 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/16 15:36:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/16 15:36:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/14 13:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/13 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/13 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/05/13 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 23:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/11 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/11 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/05/03 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 18:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Justin Guitar
[2011/04/23 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/04/23 19:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2011/04/23 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILEminimizer Pictures
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 16:14:03 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 16:14:03 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 16:10:45 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/17 16:10:45 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/17 16:10:45 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/17 16:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 16:06:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 16:06:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/17 16:06:24 | 2213,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 15:03:37 | 000,096,256 | ---- | M] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 19:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000UA.job
[2011/05/16 15:36:22 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:21:34 | 052,676,424 | ---- | M] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000Core.job
[2011/05/15 16:36:35 | 000,002,179 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/05/14 16:48:09 | 000,002,407 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/14 11:31:46 | 000,625,664 | ---- | M] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:23 | 000,000,752 | ---- | M] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | M] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 15:04:08 | 000,096,256 | ---- | C] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 15:36:22 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:22:02 | 052,676,424 | ---- | C] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/14 15:31:53 | 000,625,664 | ---- | C] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/25 07:59:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:37 | 000,000,752 | ---- | C] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | C] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/03/14 18:15:53 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/17 18:23:49 | 000,004,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 12:59:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/02/14 12:59:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/01/10 15:04:29 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/01/06 10:57:14 | 000,000,079 | ---- | C] () -- C:\Users\Eric\AppData\Local\CrystalDiskMark30.ini
[2011/01/05 23:05:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011/04/26 22:46:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/03/02 09:48:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2011/01/10 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2011/01/10 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CheckPoint
[2011/05/17 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2011/04/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/05/13 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FreeCommander
[2011/02/25 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/02/10 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011/04/12 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/02/14 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ML
[2011/01/06 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011/01/06 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2011/01/06 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Satmap
[2011/05/13 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/01/05 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011/01/06 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TomTom
[2011/05/03 17:03:36 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\My Backup(5) xml.job
[2011/04/20 18:44:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0FD841FF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
esbark
Active Member
 
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hijacked to searchqu by Virus

Unread postby askey127 » May 17th, 2011, 2:00 pm

esbark,
A lot of garbage here to get rid of.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :processes
    killallprocesses
    
    :OTL
    IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    [2011/05/16 15:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions
    [2011/01/07 10:03:03 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2011/03/21 20:06:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/03/21 20:06:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\extensions\engine@conduit.com
    [2011/02/24 22:56:15 | 000,002,569 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\askcom.xml
    [2011/03/21 16:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\conduit.xml
    [2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wwztwykj.default\searchplugins\iMeshWebSearch.xml
    O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    
    @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:0FD841FF
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again, check the box to include 64-bit scans, and click the Quick Scan button. Post the log it produces in your next reply.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
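
As an added verification step (this is not part of askey127's instructions and not code from the OTL tool), the PowerShell below re-checks on the live machine each persistence point the fix above targets: the AppInit_DLLs value in both the 64-bit and Wow6432Node registry views (a DLL listed there is loaded into every process that maps user32.dll, which is how datamngr.dll reached every browser), registered Browser Helper Objects resolved to their CLSID and DLL so orphans like the MediaBar entry stand out, the Firefox prefs.js homepage/search/keyword.URL settings, the two alternate data streams on C:\ProgramData\TEMP, and the UAC policy values the log shows as EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0. It assumes Windows 7 x64 with PowerShell 3 or later run from an elevated 64-bit console; the name patterns it flags (searchqu, conduit, imesh, Datamngr, iLivid, MediaBar) are taken from this thread's logs and are the only indicators it knows about.

```powershell
# Added post-fix check, not from the thread. Assumes Win7 x64, PowerShell 3+, elevated 64-bit shell.
$findings = New-Object System.Collections.Generic.List[string]

# 1. AppInit_DLLs: injected into every process that loads user32.dll. Check both registry views.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    $dlls = [string]$props.AppInit_DLLs
    if ($dlls.Trim() -ne '') {
        $findings.Add("AppInit_DLLs still set in $key : '$dlls' (LoadAppInit_DLLs=$($props.LoadAppInit_DLLs))")
    }
}

# 2. Browser Helper Objects: resolve each CLSID to its DLL; missing CLSID/file = orphan, known name = hijacker.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $bhoRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($null -eq $inproc) {
            $inproc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        }
        $dll = if ($inproc) { [string]$inproc.'(default)' } else { '' }
        $resolved = [Environment]::ExpandEnvironmentVariables($dll)
        if ($dll -eq '' -or -not (Test-Path -LiteralPath $resolved)) {
            $findings.Add("Orphaned BHO $clsid (no CLSID/InprocServer32 or file missing: '$dll')")
        } elseif ($dll -match 'Datamngr|iLivid|Conduit|MediaBar') {
            $findings.Add("Hijacker BHO $clsid -> $dll")
        } else {
            Write-Output "BHO $clsid -> $dll"
        }
    }
}

# 3. Firefox prefs.js: homepage, default search URL and keyword.URL are where the searchqu/conduit hijack lives.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
Get-ChildItem -Path (Join-Path $profiles '*\prefs.js') -ErrorAction SilentlyContinue | ForEach-Object {
    Select-String -Path $_.FullName -Pattern 'browser\.startup\.homepage|browser\.search\.defaulturl|keyword\.URL' |
        ForEach-Object {
            if ($_.Line -match 'searchqu|conduit|imesh|ask\.com') {
                $findings.Add("Firefox pref still hijacked in $($_.Path): $($_.Line.Trim())")
            }
        }
}

# 4. Alternate data streams on C:\ProgramData\TEMP (the log listed two). Anything but :$DATA is a hiding place.
$adsTarget = 'C:\ProgramData\TEMP'
if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS remains: $($_.FileName):$($_.Stream) ($($_.Length) bytes)") }
}

# 5. UAC: the log shows EnableLUA = 0, so every installer (the iLivid bundle included) ran fully elevated with no prompt.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
if ($null -ne $uac -and $uac.EnableLUA -ne 1) {
    $findings.Add("UAC disabled (EnableLUA=$($uac.EnableLUA), ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin)); re-enable and reboot")
}

if ($findings.Count -eq 0) {
    Write-Output 'Clean: no AppInit_DLLs, hijacker BHOs, hijacked Firefox prefs or stray ADS found.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it after the OTL reboot and again after the machine has been online for a day: a clean first run followed by AppInit_DLLs or a BHO reappearing means something still installed (the un-removable iLivid package, for example) is re-creating them, and the culprit, not just the registry entries, has to go.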

Re: Browser hijacked to searchqu by Virus

Unread postby esbark » May 17th, 2011, 2:30 pm

Askey127

I think you may have got it!! The redirection has gone!!

OTL logfile created on: 01/05/2011 19:20:04 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 19.97 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 3.94 Gb Free Space | 13.45% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 2.04 Gb Free Space | 54.63% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 509.96 Gb Free Space | 54.75% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/21 18:13:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/24 13:30:12 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 21:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/06/07 17:34:12 | 000,063,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 9C D1 F9 B8 CB CB 01 [binary data]
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/04/21 18:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/03 21:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/27 13:48:59 | 000,000,000 | ---D | M]

[2011/05/11 18:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/01/05 23:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/06 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/04/05 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 10:00:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/25 17:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
O7 - HKU\S-1-5-21-2885442965-1332903562-2435886763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 16:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 19:56:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Virus Scanning Results 1
[2011/05/16 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011/05/16 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/16 15:36:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/16 15:36:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/14 13:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/13 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/13 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/05/13 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 23:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/11 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/11 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/05/03 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 18:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Justin Guitar
[2011/04/23 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/04/23 19:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2011/04/23 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILEminimizer Pictures
[2011/04/12 15:24:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/04/12 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\vlc
[2011/04/12 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 17:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000UA.job
[2011/05/17 15:03:37 | 000,096,256 | ---- | M] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 15:36:22 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:21:34 | 052,676,424 | ---- | M] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000Core.job
[2011/05/15 16:36:35 | 000,002,179 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/05/14 16:48:09 | 000,002,407 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/14 11:31:46 | 000,625,664 | ---- | M] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/01 19:23:55 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 19:23:55 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 19:21:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/01 19:21:40 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/01 19:21:40 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/01 19:16:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/01 19:16:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 19:16:05 | 2213,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 19:13:13 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/05/01 19:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/24 20:45:23 | 000,000,752 | ---- | M] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | M] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/04/15 10:41:06 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/13 16:22:54 | 001,833,978 | ---- | M] () -- C:\Users\Eric\Documents\003.JPG
[2011/04/12 14:17:24 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/12 14:15:46 | 020,586,196 | ---- | M] () -- C:\Users\Eric\Documents\vlc-1.1.8-win32.exe
[2011/04/11 07:50:44 | 000,009,837 | ---- | M] () -- C:\Users\Eric\Documents\Laptek Address.odt
[2011/04/07 20:43:06 | 000,000,908 | ---- | M] () -- C:\Users\Eric\Desktop\TomTom HOME.lnk
[2011/04/07 19:23:55 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\SatSYNC.lnk
[2011/04/06 11:03:42 | 000,026,066 | ---- | M] () -- C:\Users\Eric\Documents\pictures on website.odt
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 15:04:08 | 000,096,256 | ---- | C] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 15:36:22 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:22:02 | 052,676,424 | ---- | C] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/14 15:31:53 | 000,625,664 | ---- | C] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/25 07:59:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:37 | 000,000,752 | ---- | C] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | C] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/04/13 16:20:42 | 001,833,978 | ---- | C] () -- C:\Users\Eric\Documents\003.JPG
[2011/04/12 14:17:24 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/12 14:15:24 | 020,586,196 | ---- | C] () -- C:\Users\Eric\Documents\vlc-1.1.8-win32.exe
[2011/04/11 07:50:39 | 000,009,837 | ---- | C] () -- C:\Users\Eric\Documents\Laptek Address.odt
[2011/04/07 20:43:06 | 000,000,908 | ---- | C] () -- C:\Users\Eric\Desktop\TomTom HOME.lnk
[2011/04/06 11:03:40 | 000,026,066 | ---- | C] () -- C:\Users\Eric\Documents\pictures on website.odt
[2011/03/14 18:15:53 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/17 18:23:49 | 000,004,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 12:59:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/02/14 12:59:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/01/10 15:04:29 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/01/06 10:57:14 | 000,000,079 | ---- | C] () -- C:\Users\Eric\AppData\Local\CrystalDiskMark30.ini
[2011/01/05 23:05:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011/04/26 22:46:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/03/02 09:48:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2011/01/10 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2011/01/10 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CheckPoint
[2011/05/01 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2011/04/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/05/13 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FreeCommander
[2011/02/25 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/02/10 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011/04/12 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/02/14 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ML
[2011/01/06 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011/01/06 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2011/01/06 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Satmap
[2011/05/13 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/01/05 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011/01/06 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TomTom
[2011/05/01 19:13:13 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\My Backup(5) xml.job
[2011/04/20 18:44:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
esbark
Active Member
 
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hyjacked to searchqu by Virus

Post by askey127 » May 18th, 2011, 1:56 pm

esbark,
That's good. Looks like we are in the home stretch.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
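
As an added example (not part of this thread, and not OTL's or the helper's own code), a small Python checker that applies the same reading askey127 gave the log: it flags Firefox prefs.js values pointing at searchqu.com, Run-key and BHO entries naming the iLivid/Datamngr toolbar, and a BHO whose DLL is already gone. The indicator list and the sample log lines are constructed from this thread's own OTL output; the line format it parses is the `O2`/`O4`/`FF - ...` prefix style seen above.

```python
"""Flag browser-hijacker indicators in OTL-style log lines (constructed example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicator substrings taken from this thread (searchqu redirect, iLivid/Datamngr toolbar).
# Matched case-insensitively; extend the tuple for other families.
SUSPECT_TERMS = ("searchqu.com", "ilivid", "datamngr", "bandoo")

# OTL prefixes look like "O4 - ", "O2:64bit: - " or "FF - ".
OTL_LINE = re.compile(r"^(?P<kind>O\d+(?::64bit:)?|FF)\s*-\s*(?P<body>.*)$")


@dataclass
class Finding:
    kind: str      # OTL section prefix, e.g. "O4" or "O2:64bit:"
    reason: str    # why the line was flagged
    line: str      # the original log line


def _matching_term(text: str) -> Optional[str]:
    low = text.lower()
    return next((t for t in SUSPECT_TERMS if t in low), None)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if nothing looks suspicious."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    section = kind.split(":")[0]          # "O2:64bit:" -> "O2"

    # Rule 1: Firefox prefs.js search/keyword/homepage values pointing at a known hijacker host.
    if kind == "FF" and body.startswith("prefs.js"):
        term = _matching_term(body)
        if term:
            return Finding(kind, f"Firefox preference points at {term}", line)
        return None

    # Rule 2: autostart (O4 Run keys) or BHO (O2) entries naming a known PUP/hijacker component.
    if section in ("O2", "O4"):
        term = _matching_term(body)
        if term:
            return Finding(kind, f"autostart/BHO entry references {term}", line)

    # Rule 3: a BHO CLSID that is still registered but whose DLL is missing. Harmless by
    # itself, but such orphans are typical leftovers of a half-removed toolbar.
    if section == "O2" and "file not found" in body.lower():
        return Finding(kind, "orphaned BHO registration (File not found)", line)
    return None


def scan(log_text: str) -> List[Finding]:
    """Run classify() over every line of an OTL log and collect the findings."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


# Constructed sample: four lines from this thread's OTL output plus two benign ones.
SAMPLE_LOG = """\
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - File not found
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\\Program Files (x86)\\LG Electronics\\LG PC Suite IV\\LinkAir\\LinkAirBrowserHelper.dll (LG Electronics)
O4 - HKLM..\\Run: [DATAMNGR] C:\\Program Files (x86)\\Windows iLivid Toolbar\\Datamngr\\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\\Run: [avgnt] C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - prefs.js..browser.startup.homepage: "http://www.normanbyvillage.org/"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

The three flagged lines are exactly the three OTL entries askey127's fix script removes; the LG BHO, the Avira Run entry and the legitimate homepage are left alone.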

Re: Browser hyjacked to searchqu by Virus

Post by esbark » May 18th, 2011, 3:20 pm

Askey127

Log as requested

OTL logfile created on: 02/05/2011 20:11:37 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): c:\pagefile.sys 1000 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 19.83 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 3.94 Gb Free Space | 13.45% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 509.96 Gb Free Space | 54.75% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/10/14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 21:20:04 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/30 17:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 17:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/21 03:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/06/07 17:34:12 | 000,063,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 9C D1 F9 B8 CB CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.normanbyvillage.org/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/04/21 18:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/03 21:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/12/27 13:48:59 | 000,000,000 | ---D | M]

[2011/05/11 18:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/01/05 23:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/06 17:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/04/05 10:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/07 10:00:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/25 17:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1045699b-279d-11e0-9eee-0022686925d4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b3b2e34-382a-11e0-939b-0022686925d4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 16:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/16 19:56:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Virus Scanning Results 1
[2011/05/16 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011/05/16 15:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/16 15:36:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/16 15:36:16 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/16 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/14 13:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/13 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/13 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/13 23:07:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/05/13 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 23:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 23:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/11 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/05/11 17:29:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/05/03 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/03 18:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 18:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/03 18:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Justin Guitar
[2011/04/23 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/04/23 19:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Pictures 3.0
[2011/04/23 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILEminimizer Pictures
[2011/04/12 15:24:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/04/12 14:17:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\vlc
[2011/04/12 14:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 17:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000UA.job
[2011/05/17 15:03:37 | 000,096,256 | ---- | M] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 15:36:22 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:21:34 | 052,676,424 | ---- | M] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/16 13:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2885442965-1332903562-2435886763-1000Core.job
[2011/05/15 16:36:35 | 000,002,179 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/05/14 13:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/05/14 11:31:46 | 000,625,664 | ---- | M] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/02 20:16:11 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 20:16:11 | 000,021,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/02 20:14:37 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/02 20:14:37 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/02 20:14:37 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/02 20:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/02 20:08:52 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/02 20:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/02 20:08:39 | 2213,941,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/01 19:13:13 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:23 | 000,000,752 | ---- | M] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | M] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | M] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/04/15 10:41:06 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/13 16:22:54 | 001,833,978 | ---- | M] () -- C:\Users\Eric\Documents\003.JPG
[2011/04/12 14:17:24 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/12 14:15:46 | 020,586,196 | ---- | M] () -- C:\Users\Eric\Documents\vlc-1.1.8-win32.exe
[2011/04/11 07:50:44 | 000,009,837 | ---- | M] () -- C:\Users\Eric\Documents\Laptek Address.odt
[2011/04/07 20:43:06 | 000,000,908 | ---- | M] () -- C:\Users\Eric\Desktop\TomTom HOME.lnk
[2011/04/07 19:23:55 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\SatSYNC.lnk
[2011/04/06 11:03:42 | 000,026,066 | ---- | M] () -- C:\Users\Eric\Documents\pictures on website.odt
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 15:04:08 | 000,096,256 | ---- | C] () -- C:\Users\Eric\Desktop\SystemLook_x64.exe
[2011/05/16 15:36:22 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/16 15:22:02 | 052,676,424 | ---- | C] () -- C:\Users\Eric\Desktop\avira_antivir_personal_en.exe
[2011/05/14 15:31:53 | 000,625,664 | ---- | C] () -- C:\Users\Eric\Desktop\dds.com
[2011/05/03 18:29:28 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/25 07:59:18 | 000,000,388 | -H-- | C] () -- C:\Windows\tasks\My Backup(5) xml.job
[2011/04/24 20:45:37 | 000,000,752 | ---- | C] () -- C:\Users\Eric\Desktop\Blues Lead Guitar.lnk
[2011/04/23 19:11:31 | 000,001,169 | ---- | C] () -- C:\Users\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\FILEminimizer Pictures.lnk
[2011/04/23 19:11:31 | 000,001,145 | ---- | C] () -- C:\Users\Eric\Desktop\Picture Minimiser.lnk
[2011/04/13 16:20:42 | 001,833,978 | ---- | C] () -- C:\Users\Eric\Documents\003.JPG
[2011/04/12 14:17:24 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/12 14:15:24 | 020,586,196 | ---- | C] () -- C:\Users\Eric\Documents\vlc-1.1.8-win32.exe
[2011/04/11 07:50:39 | 000,009,837 | ---- | C] () -- C:\Users\Eric\Documents\Laptek Address.odt
[2011/04/07 20:43:06 | 000,000,908 | ---- | C] () -- C:\Users\Eric\Desktop\TomTom HOME.lnk
[2011/04/06 11:03:40 | 000,026,066 | ---- | C] () -- C:\Users\Eric\Documents\pictures on website.odt
[2011/03/14 18:15:53 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/17 18:23:49 | 000,004,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 12:59:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/02/14 12:59:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/01/10 15:04:29 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/01/06 10:57:14 | 000,000,079 | ---- | C] () -- C:\Users\Eric\AppData\Local\CrystalDiskMark30.ini
[2011/01/05 23:05:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011/04/26 22:46:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2011/03/02 09:48:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AVG10
[2011/01/10 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canon
[2011/01/10 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\CheckPoint
[2011/05/02 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2011/04/23 20:29:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FILEminimizerPictures
[2011/05/13 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FreeCommander
[2011/02/25 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/02/10 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011/04/12 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MAGIX
[2011/02/14 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ML
[2011/01/06 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011/01/06 20:54:26 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Opera
[2011/01/06 17:23:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Satmap
[2011/05/13 23:20:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TalkTalk
[2011/01/05 23:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011/01/06 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TomTom
[2011/05/01 19:13:13 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\My Backup(5) xml.job
[2011/04/20 18:44:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
esbark
Active Member
 
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hyjacked to searchqu by Virus

Unread postby askey127 » May 18th, 2011, 4:06 pm

esbark,
Just tidying up here. The machine looks good.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    
    :Files
    C:\Users\Eric\AppData\Roaming\AVG10
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • You will not need to Scan again.

Open OTL again and click the CleanUp button to clear out the programs we use.

You should be good to go.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
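
As an added example (it is not part of the thread and is not OTL's own code), the PowerShell below reads the same registry locations that the O20, O35/O37, O33 and "FF - HKLM\...\Firefox\Extensions" lines of the OTL log summarise, so the checks signed off above can be repeated on a machine without OTL. It assumes the standard locations for those keys (the Winlogon key and its Wow6432Node mirror, HKLM\SOFTWARE\Classes for the .exe/.com handlers, the per-user MountPoints2 key, and HKLM\SOFTWARE\Mozilla\Firefox\Extensions plus its Wow6432Node mirror) and that the stock Windows defaults are explorer.exe for the shell and "%1" %* for the open commands. It only reads and prints; it removes nothing.

```powershell
# Added example (not from the thread, not OTL code): read-only audit of the
# persistence points OTL reports as O20, O35/O37, O33 and "FF - HKLM ... Extensions".
# Run in an elevated PowerShell. Expected values are the stock Windows defaults.

$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding([string]$Area, [string]$Detail) {
    # $findings is a reference type, so the parent-scope list is mutated in place
    $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail })
}

function Get-DefaultValue([string]$Key) {
    # Returns a key's unnamed "(default)" value, or $null if the key is absent
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' } else { $null }
}

# O20: Winlogon Shell. Anything other than a bare explorer.exe (for example
# "explorer.exe,C:\x\y.exe") starts an extra program at every logon.
foreach ($root in @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')) {
    $key = "$root\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (-not (Test-Path $key)) { continue }
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') { Add-Finding 'O20 Winlogon Shell' "$key = $shell" }
}

# O37 / O35: .exe and .com must map to exefile / comfile, and the open command must
# be exactly "%1" %*. A path prepended here runs something before every program.
foreach ($ext in @('.exe', '.com')) {
    $expectedProgId = $ext.TrimStart('.') + 'file'      # .exe -> exefile, .com -> comfile
    $progId = Get-DefaultValue "HKLM:\SOFTWARE\Classes\$ext"
    if ($progId -ne $expectedProgId) {
        Add-Finding "O37 $ext" "maps to '$progId', expected '$expectedProgId'"
    }
    $cmd = Get-DefaultValue "HKLM:\SOFTWARE\Classes\$expectedProgId\shell\open\command"
    if ($cmd -ne '"%1" %*') {
        Add-Finding "O35 $expectedProgId open" "command is '$cmd'"
    }
}

# O33: per-user MountPoints2 AutoRun commands. Not malicious by themselves (the
# thread's entries are U3 and LG launchers), so they are listed for review.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    foreach ($vol in Get-ChildItem -Path $mp -ErrorAction SilentlyContinue) {
        $cmdKey = Join-Path $vol.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            Add-Finding 'O33 MountPoints2 AutoRun' "$($vol.PSChildName) -> $(Get-DefaultValue $cmdKey)"
        }
    }
}

# FF - HKLM\...\Firefox\Extensions: each value side-loads an extension by ID -> folder.
# The OTL fix in the thread deletes one such value from the 32-bit view of this key.
$meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$ffKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'
)
foreach ($key in $ffKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }       # skip provider metadata properties
        $state = if (Test-Path -LiteralPath "$($p.Value)") { 'folder present' } else { 'folder missing' }
        Add-Finding 'FF HKLM extension' "$($p.Name) -> $($p.Value) ($state)"
    }
}

if ($findings.Count -eq 0) { 'No deviations from the defaults found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Each finding names the OTL line type it corresponds to, so the output can be read against a log like the one above. Only the O20, O35 and O37 rows are deviations from defaults; the O33 and FF rows are inventories to be judged entry by entry, exactly as the helper did with the TrustChecker extension before deciding to remove it.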

Re: Browser hyjacked to searchqu by Virus

Unread postby esbark » May 19th, 2011, 2:49 am

Askey127,

I have finished the tidy up and the machine is fine.

Thank you very much for your help and for showing me the pitfalls associated with P2P programs. I will not be using them again!!!
esbark
Active Member
 
Posts: 8
Joined: May 14th, 2011, 6:39 am

Re: Browser hyjacked to searchqu by Virus

Unread postby askey127 » May 19th, 2011, 6:18 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA