HELP! Being redirected from google.

Post by buildmeup » August 18th, 2011, 7:30 pm

I seem to have caught a nasty bug on my laptop that redirects me when I click on links that come up from Google searches. I've looked through other posts and tried some of the things that were recommended, and have run various programs, but am having no luck getting rid of the nasty booger. My laptop is running pretty slow, and web sites and downloads often give me a "not responding" response and I have to Ctrl+Alt+Del out of them. I disabled my system restore points as another post said to do. I somewhat know my way around a computer, but this is all kind of foreign to me. Please help!


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Russel at 16:17:43 on 2011-08-18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3581.1932 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dldtcoms.exe
C:\Windows\system32\dleecoms.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514014349.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\users\russel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
TCP: Interfaces\{EE2F7651-D06C-4638-AF83-027FD9498129} : DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\russel\appdata\roaming\mozilla\firefox\profiles\a03y3ofd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e4cc597 ... g=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\russel\appdata\roaming\mozilla\firefox\profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\russel\appdata\roaming\mozilla\firefox\profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: XUL Cache: {e83f6adf-e409-47b2-8186-1fe53e0b6ce5} - %profile%\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-2 387480]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-2 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-2 165032]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2010-8-28 73728]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-8 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-2 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-2 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-2 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-2 141792]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-2 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-8 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-2 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-2 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-2 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [2009-7-1 98984]
S2 srv1368;srv1368;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-18 1025352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-8-28 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-2 84488]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-18 18:12:26 -------- d-----w- c:\program files\ESET
2011-08-18 15:54:52 -------- d-----w- C:\a447f6744122aa02f51eb91c22
2011-08-18 07:57:09 -------- d-----w- c:\users\russel\appdata\roaming\AVG10
2011-08-18 07:54:07 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-18 07:33:18 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4461625a-e289-4474-920a-f99ae71a0ddb}\mpengine.dll
2011-08-18 01:48:51 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-18 01:48:51 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-18 01:24:36 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-18 01:23:39 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-18 01:04:16 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-18 00:40:03 -------- d-----w- c:\windows\pss
2011-08-02 04:29:19 -------- d--h--w- C:\$AVG
2011-08-02 04:02:22 -------- d-----w- c:\users\russel\appdata\local\AVG Security Toolbar
2011-08-02 03:56:49 -------- d--h--w- c:\programdata\Common Files
2011-08-02 03:56:37 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-02 03:53:51 -------- d-----w- c:\programdata\AVG10
2011-08-02 03:52:44 -------- d-----w- c:\program files\AVG
2011-08-02 03:47:09 -------- d-----w- c:\programdata\MFAData
2011-07-30 14:12:40 -------- d-----w- c:\users\russel\appdata\roaming\V715w
2011-07-29 17:50:09 -------- d-----w- c:\programdata\Ezprint
2011-07-29 17:48:22 49152 ----a-w- c:\windows\system32\DLEEPMON.DLL
2011-07-29 17:48:22 32768 ----a-w- c:\windows\system32\DLEEFXPU.DLL
2011-07-29 17:48:02 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-07-29 17:48:02 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-07-29 17:48:02 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-07-29 17:48:02 5709824 ----a-w- c:\windows\system32\DLEEoem.dll
2011-07-29 17:48:02 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-07-29 17:48:02 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-07-29 17:47:58 -------- d-----w- c:\programdata\V715w
2011-07-29 17:47:50 372736 ----a-w- c:\windows\system32\DLEEwupd.dll
2011-07-29 17:47:50 213672 ----a-w- c:\windows\system32\DLEEwupd.exe
2011-07-29 17:47:08 -------- d-----w- c:\program files\Dell Toolbar
2011-07-29 17:46:49 7680 ----a-w- c:\windows\system32\NativeCall.dll
2011-07-29 17:46:49 385024 ----a-w- c:\windows\system32\DLEEinst.dll
2011-07-29 17:46:46 372736 ----a-w- c:\windows\system32\dleecomm.dll
2011-07-29 17:27:44 -------- d-----w- c:\programdata\dl_Cats
2011-07-29 17:27:31 157696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\dleedrpp.dll
2011-07-29 17:27:22 -------- d-----w- c:\program files\Dell V715w
2011-07-22 15:17:11 -------- d-----w- c:\program files\TuneUpMedia
2011-07-22 15:16:41 -------- d-----w- c:\users\russel\appdata\roaming\TuneUpMedia
2011-07-22 15:16:30 -------- d-----w- c:\programdata\TuneUpMedia
2011-07-22 15:10:40 -------- d-----w- c:\users\russel\appdata\roaming\Spotify
2011-07-22 15:10:40 -------- d-----w- c:\users\russel\appdata\local\Spotify
2011-07-22 15:10:37 -------- d-----w- c:\program files\Spotify
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:19:37.12 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 8/28/2010 8:31:39 AM
System Uptime: 8/18/2011 4:11:30 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0D501F
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 210.601 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.114 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Biometric Coprocessor
Device ID: USB\VID_0483&PID_2016\5&1397FC76&0&2
Manufacturer:
Name: Biometric Coprocessor
PNP Device ID: USB\VID_0483&PID_2016\5&1397FC76&0&2
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: HP Photosmart C4500
Device ID: ROOT\IMAGE\0000
Manufacturer: Hewlett-Packard
Name: HP Photosmart C4500
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 2550 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 2550 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP1518ni
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP1518ni
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4015
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4015
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4015
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4015
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4515
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4515
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4515
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4515
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Absolute Notifier
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
BufferChm
C4580
CDDRV_Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Copy
Curse Client
Dell Resource CD
Dell V305
Dell V715w
Dell Wireless WLAN Card Utility
Destination Component
DeviceDiscovery
Driver Mender
ESET Online Scanner v3
Google Desktop
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Matrix Storage Manager
iTunes
KhalSetup
Laptop Integrated Webcam Driver (1.04.01.1011)
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Marvell Miniport Driver
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miro
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.20)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Network
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 2
Prealgebra
Prealgebra (Fall 2010 Student)
PS_AIO_02_Software_Min
PS_AIO_04_C4580_Software_Min
QuickTime
Remote Desktop Connection
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Spotify
Status
Toolbox
TrayApp
TuneUp Companion 2.2.1
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
Verizon Wireless USB760 Firmware Updates
Viewpoint Media Player
VZAccess Manager
WebReg
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live ID Sign-in Assistant
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
8/18/2011 9:21:00 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/18/2011 9:15:44 AM, Error: EventLog [6008] - The previous system shutdown at 9:11:15 AM on 8/18/2011 was unexpected.
8/18/2011 8:59:42 AM, Error: EventLog [6008] - The previous system shutdown at 8:56:50 AM on 8/18/2011 was unexpected.
8/18/2011 4:13:30 PM, Error: Service Control Manager [7023] - The srv1368 service terminated with the following error: The specified procedure could not be found.
8/18/2011 4:13:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dleeCATSCustConnectService service to connect.
8/18/2011 4:13:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/18/2011 4:13:30 PM, Error: Service Control Manager [7000] - The dleeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/18/2011 12:39:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
8/18/2011 12:20:59 AM, Error: EventLog [6008] - The previous system shutdown at 12:08:28 AM on 8/18/2011 was unexpected.
8/18/2011 12:13:10 PM, Error: EventLog [6008] - The previous system shutdown at 12:10:56 PM on 8/18/2011 was unexpected.
8/18/2011 1:19:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/18/2011 1:19:38 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/18/2011 1:19:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/18/2011 1:03:57 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart C4500 series with shared resource name HP Photosmart C4500 series. Error 2114. The printer cannot be used by others on the network.
8/17/2011 6:41:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:57 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:40:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2011 6:40:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2011 6:40:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/17/2011 6:40:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/17/2011 6:40:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/17/2011 6:40:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2011 6:39:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2011 5:45:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:43:57 PM on 8/17/2011 was unexpected.
8/17/2011 5:35:22 PM, Error: EventLog [6008] - The previous system shutdown at 5:33:50 PM on 8/17/2011 was unexpected.
8/17/2011 4:59:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/17/2011 4:58:57 PM, Error: Service Control Manager [7023] - The srv167C service terminated with the following error: The specified procedure could not be found.
8/17/2011 4:58:14 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.126. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
8/17/2011 4:57:30 PM, Error: EventLog [6008] - The previous system shutdown at 4:55:57 PM on 8/17/2011 was unexpected.
8/17/2011 4:50:02 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/17/2011 4:38:20 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/17/2011 4:19:22 PM, Error: EventLog [6008] - The previous system shutdown at 4:17:49 PM on 8/17/2011 was unexpected.
8/17/2011 4:12:07 PM, Error: Service Control Manager [7034] - The dlee_device service terminated unexpectedly. It has done this 1 time(s).
8/17/2011 4:09:12 PM, Error: EventLog [6008] - The previous system shutdown at 4:07:00 PM on 8/17/2011 was unexpected.
8/17/2011 2:06:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
8/17/2011 12:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
8/17/2011 1:24:54 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
8/17/2011 1:21:37 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/17/2011 1:18:04 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/16/2011 8:53:33 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BROWN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EE2F7651-D06C-4638-AF83-027FD9498. The master browser is stopping or an election is being forced.
8/15/2011 4:08:07 PM, Error: EventLog [6008] - The previous system shutdown at 10:51:03 AM on 8/15/2011 was unexpected.
8/14/2011 9:04:35 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/14/2011 9:04:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 00225F40B122 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/12/2011 10:56:32 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Aesthetic Contemplation, owned by Russel, failed to print on printer Dell V715w (Network). Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 173554. Number of bytes printed: 0. Total number of pages in the document: 6. Number of pages printed: 0. Client computer: \\KATIE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
8/12/2011 10:54:57 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Document2, owned by Russel, failed to print on printer Dell V715w (Network). Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 22976. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\KATIE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
8/12/2011 10:51:11 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - Document2, owned by Russel, failed to print on printer Dell V715w (Network). Try to print the document again, or restart the print spooler. Data type: LEMF. Size of the spool file in bytes: 22976. Number of bytes printed: 22976. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\KATIE-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
.
==== End Of File ===========================
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Post by diver79 » August 21st, 2011, 6:20 pm

Hi and welcome to MalwareRemoval.com, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer only! Using these instructions on a different computer can make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking over your logs now. Will post instructions soon.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: HELP! Being redirected from google.

Post by diver79 » August 23rd, 2011, 4:18 am

Hi buildmeup,

There are several toolbars on the machine that may account for the redirection. I will need you to remove some programs and perform an OTL scan before we get rid of the toolbars. Please follow the instructions below.

Multiple Anti Virus programs
  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    McAfee Anti-Virus and Anti-Spyware
    AVG Internet Security 2011
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:
    MarketResearch
    Viewpoint Media Player
    Un-needed Anti-Virus Program


OTL Scan
  • Download OTL to your desktop.
  • Right click on the icon and select Run as Administrator. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
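
The overlap diver79 points out can be read directly from the AV:/SP:/FW: lines at the top of a DDS log. The following is an added example, not part of the original thread and not part of DDS itself; the sample lines are constructed in that header format with placeholder GUIDs, and the function names and status labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the DDS header format. Product names follow the
# thread; the GUIDs are placeholders, not values from any real machine.
SAMPLE_DDS_HEADER = """\
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {00000000-0000-0000-0000-000000000001}
AV: AVG Internet Security 2011 *Enabled/Updated* {00000000-0000-0000-0000-000000000002}
SP: AVG Internet Security 2011 *Enabled/Updated* {00000000-0000-0000-0000-000000000003}
SP: Windows Defender *Disabled/Updated* {00000000-0000-0000-0000-000000000004}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {00000000-0000-0000-0000-000000000005}
FW: McAfee Firewall *Enabled* {00000000-0000-0000-0000-000000000006}
FW: AVG Firewall *Enabled* {00000000-0000-0000-0000-000000000007}
"""

# AV = antivirus, SP = antispyware, FW = firewall.
# The state field is "*Enabled/Updated*" for AV/SP and "*Enabled*" for FW.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[^*/]+)(?:/(?P<defs>[^*]+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


def parse_security_products(text):
    """Return one dict per AV:/SP:/FW: line; all other log lines are skipped."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        products.append({
            "kind": m["kind"],
            "name": m["name"],
            "enabled": m["state"].strip().lower() == "enabled",
            "definitions": m["defs"],  # None for firewall entries
            "guid": m["guid"],
        })
    return products


def find_overlaps(products):
    """Report every category in which more than one product is registered.

    status is "active_conflict" when two or more products in the category
    are reported as enabled, and "registered_only" when several are
    registered but at most one is enabled.
    """
    by_kind = defaultdict(list)
    for product in products:
        by_kind[product["kind"]].append(product)

    report = {}
    for kind, items in by_kind.items():
        if len(items) < 2:
            continue
        enabled = [p["name"] for p in items if p["enabled"]]
        report[kind] = {
            "registered": [p["name"] for p in items],
            "enabled": enabled,
            "status": "active_conflict" if len(enabled) > 1 else "registered_only",
        }
    return report


if __name__ == "__main__":
    overlaps = find_overlaps(parse_security_products(SAMPLE_DDS_HEADER))
    for kind, info in overlaps.items():
        print(f"{kind}: {info['status']}")
        print(f"  registered: {', '.join(info['registered'])}")
        print(f"  enabled:    {', '.join(info['enabled']) or '(none)'}")
```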

Re: HELP! Being redirected from google.

Post by buildmeup » August 23rd, 2011, 12:04 pm

Thanks for the quick reply! So I ended up taking my laptop to a computer repair guy, it got to the point that it was almost unusable because of how slow it was running and the constant error messages, he got rid of my plethora of anti-virus programs, and set me up with just Malwarebytes and Avast, and got rid of the nasty viruses. I thought things were totally fixed, but like an hour after having my laptop, and having done a few successful Google searches without being redirected, I did another Google search and started being redirected again. That is the only symptom I currently have, everything else is running very smoothly. So I uninstalled the things you told me to, and was unsure if I should still download the program you told me to since I already have two others. Let me know what you would like me to do next since things have changed a bit, thanks!
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Post by buildmeup » August 23rd, 2011, 12:07 pm

And just to be clear, I currently have Malwarebytes and Avast.
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Post by diver79 » August 23rd, 2011, 1:11 pm

Hi buildmeup,

No problem, just follow the instructions for producing the two OTL reports.

Please do not make any other changes while I am assisting you as it may interfere with the logs I will be working from.

Thanks,

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: HELP! Being redirected from google.

Post by buildmeup » August 23rd, 2011, 1:41 pm

OTL logfile created on: 8/23/2011 10:31:54 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Russel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.54% Memory free
7.18 Gb Paging File | 5.93 Gb Available in Paging File | 82.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 188.84 Gb Free Space | 66.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.11 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: KATIE-PC | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Russel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
PRC - C:\Windows\System32\dleecoms.exe ( )
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dldtcoms.exe ( )
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (srv1368) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AbsoluteNotifier) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Microsoft)
SRV - (dlee_device) -- C:\Windows\System32\dleecoms.exe ( )
SRV - (dleeCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe ()
SRV - (dldt_device) -- C:\Windows\System32\dldtcoms.exe ( )
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {e83f6adf-e409-47b2-8186-1fe53e0b6ce5}:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/31 05:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/08/17 17:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/21 20:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/21 20:12:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 20:38:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/08/17 17:17:13 | 000,000,000 | ---D | M]

[2010/08/28 12:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russel\AppData\Roaming\mozilla\Extensions
[2010/08/28 12:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/08/22 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions
[2011/08/17 17:17:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 17:17:06 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/17 17:16:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}
[2011/08/17 17:17:11 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\personas@christopher.beard
[2011/08/17 17:16:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com
[2010/09/11 09:00:40 | 000,001,832 | ---- | M] () -- C:\Users\Russel\AppData\Roaming\Mozilla\Firefox\Profiles\a03y3ofd.default\searchplugins\bing.xml
[2011/08/18 01:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 00:22:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/17 17:17:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/08/21 20:59:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/08/18 00:22:24 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/08/18 00:22:24 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2010/08/28 12:45:26 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/18 00:22:27 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/29 23:00:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2010/07/22 16:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/07/22 16:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/08/18 01:06:29 | 000,002,359 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2010/07/22 16:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2010/07/22 16:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/07/22 16:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/08/28 12:45:26 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2010/07/22 16:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/07/22 16:41:04 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Russel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Russel\Downloads\optimist prime.jpg
O24 - Desktop BackupWallPaper: C:\Users\Russel\Downloads\optimist prime.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{71231af9-b2b9-11df-b479-002269c1a135}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{8ea7a9b5-bce7-11df-96a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8ea7a9b5-bce7-11df-96a7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{8ea7aa04-bce7-11df-96a7-002269c1a135}\Shell - "" = AutoRun
O33 - MountPoints2\{8ea7aa04-bce7-11df-96a7-002269c1a135}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{e81ac337-b2b6-11df-b221-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e81ac337-b2b6-11df-b221-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 10:27:23 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Russel\Desktop\OTL.exe
[2011/08/22 20:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/22 20:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/22 20:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/21 20:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/21 20:41:04 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/21 20:41:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/21 20:41:03 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/21 20:41:01 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/08/21 20:41:01 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/21 20:40:59 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/21 20:40:40 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/21 20:40:39 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/21 20:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/21 20:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/21 08:46:14 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/08/20 20:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011/08/20 16:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/19 23:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/08/18 16:32:23 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/18 16:31:36 | 000,750,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Russel\Desktop\install_flashplayer10_chra_aih.exe
[2011/08/18 16:17:25 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Russel\Desktop\dds.scr
[2011/08/18 10:47:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Russel\Desktop\TFC.exe
[2011/08/18 08:54:52 | 000,000,000 | ---D | C] -- C:\a447f6744122aa02f51eb91c22
[2011/08/18 00:57:09 | 000,000,000 | ---D | C] -- C:\Users\Russel\AppData\Roaming\AVG10
[2011/08/18 00:54:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/08/17 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/08/17 18:56:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/17 18:56:43 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/17 18:56:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/17 18:56:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/17 18:56:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/17 18:56:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/17 18:56:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/17 18:56:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/17 18:56:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/17 18:56:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/17 18:56:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/17 18:56:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/17 18:56:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/17 18:56:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/17 18:56:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/17 18:56:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/17 18:56:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/17 18:56:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/17 18:48:51 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/17 18:48:51 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/17 18:24:36 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/17 17:40:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/17 17:35:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/17 12:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/01 20:56:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/01 20:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/01 20:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/30 07:12:40 | 000,000,000 | ---D | C] -- C:\Users\Russel\AppData\Roaming\V715w
[2011/07/29 10:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/07/29 10:48:02 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMGMAN32.DLL
[2011/07/29 10:48:02 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMHOST32.DLL
[2011/07/29 10:48:02 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XPNG.DEL
[2011/07/29 10:48:02 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XTIF.DEL
[2011/07/29 10:48:02 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31IMG.DIL
[2011/07/29 10:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\V715w
[2011/07/29 10:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Toolbar
[2011/07/29 10:46:49 | 000,007,680 | ---- | C] (eaio) -- C:\Windows\System32\NativeCall.dll
[2011/07/29 10:46:46 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleecomm.dll
[2011/07/29 10:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\dl_Cats
[2011/07/29 10:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V715w
[2010/09/30 17:10:38 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2010/09/30 17:10:37 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2010/09/30 17:10:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2010/09/30 17:10:37 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2010/09/30 17:10:36 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2010/09/30 17:10:36 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2010/09/30 17:10:36 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2010/09/30 17:10:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2010/09/30 17:10:34 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2010/09/30 17:10:34 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2010/09/30 17:10:33 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2010/09/30 17:10:32 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2010/09/30 17:10:32 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2010/09/30 17:10:32 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[2009/07/01 13:06:50 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleeih.exe
[2009/07/01 13:06:48 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleecoms.exe
[2009/07/01 13:06:48 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleecfg.exe
[2009/06/09 17:11:20 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\dleecoin.dll
[2009/05/14 14:27:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleepmui.dll
[2009/05/14 14:22:02 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleeserv.dll
[2009/05/14 14:19:52 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleehbn3.dll
[2009/05/14 14:18:54 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleeusb1.dll
[2009/05/14 14:17:34 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\dleehcp.dll
[2009/05/14 14:16:20 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dleelmpm.dll
[2009/05/14 14:15:48 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleeiesc.dll
[2009/05/14 14:15:38 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleeinpa.dll
[2009/05/14 14:15:36 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleecomc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Russel\Documents\*.tmp files -> C:\Users\Russel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 10:39:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D84845C9-3A7C-407A-AF2A-37CB8DA5ECEE}.job
[2011/08/23 10:27:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Russel\Desktop\OTL.exe
[2011/08/23 09:55:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 09:55:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 09:31:44 | 000,002,627 | ---- | M] () -- C:\Users\Russel\Desktop\Microsoft Office Word 2007.lnk
[2011/08/23 07:56:54 | 000,082,670 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/23 07:55:57 | 000,082,670 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/23 06:15:41 | 000,001,627 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/22 20:38:45 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/21 20:59:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/21 20:41:05 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/21 20:38:49 | 000,239,104 | ---- | M] () -- C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 08:46:14 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/08/21 08:37:11 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/08/20 20:35:09 | 000,001,356 | ---- | M] () -- C:\Users\Russel\AppData\Local\d3d9caps.dat
[2011/08/20 19:55:04 | 000,002,412 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/08/20 19:38:00 | 302,058,991 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/20 17:08:19 | 000,000,906 | ---- | M] () -- C:\Users\Russel\Documents\log.xml
[2011/08/18 16:32:23 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/18 16:31:36 | 000,750,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Russel\Desktop\install_flashplayer10_chra_aih.exe
[2011/08/18 16:17:29 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Russel\Desktop\dds.scr
[2011/08/18 10:49:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Russel\Desktop\TFC.exe
[2011/07/29 10:49:47 | 000,236,925 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/07/29 10:47:19 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Launch Dell Printer Home.LNK
[2011/07/28 22:50:01 | 000,000,064 | ---- | M] () -- C:\Windows\System32\241016055
[2011/07/28 20:03:02 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Russel\Documents\*.tmp files -> C:\Users\Russel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/22 20:38:45 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/22 20:38:44 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/21 20:41:05 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/20 19:55:04 | 000,002,412 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/08/20 17:08:19 | 000,000,906 | ---- | C] () -- C:\Users\Russel\Documents\log.xml
[2011/08/20 16:41:30 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/08/17 17:34:58 | 302,058,991 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/29 10:48:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DLEEPMON.DLL
[2011/07/29 10:48:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLEEFXPU.DLL
[2011/07/29 10:48:02 | 005,709,824 | ---- | C] () -- C:\Windows\System32\DLEEoem.dll
[2011/07/29 10:47:50 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEEwupd.dll
[2011/07/29 10:47:50 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEEwupd.exe
[2011/07/29 10:47:19 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Launch Dell Printer Home.LNK
[2011/07/29 10:46:49 | 000,385,024 | ---- | C] () -- C:\Windows\System32\DLEEinst.dll
[2011/07/28 22:50:00 | 000,000,064 | ---- | C] () -- C:\Windows\System32\241016055
[2011/04/06 22:09:18 | 000,012,294 | -HS- | C] () -- C:\Users\Russel\AppData\Local\d370ib50k8d5s35bk41t72fyy28xc84
[2011/04/06 22:09:18 | 000,012,294 | -HS- | C] () -- C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84
[2011/01/24 16:43:32 | 000,027,503 | ---- | C] () -- C:\Users\Russel\AppData\Roaming\UserTile.png
[2011/01/10 14:11:16 | 000,142,972 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/01/10 14:11:16 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/01/07 22:52:12 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/07 10:18:30 | 000,077,377 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/09/30 17:14:44 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2010/09/30 17:10:53 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2010/09/30 17:10:53 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2010/09/30 17:10:38 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2010/09/30 17:10:37 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2010/09/30 17:10:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2010/09/30 17:10:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2010/09/30 17:10:35 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2010/09/30 17:10:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2010/09/30 17:10:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2010/09/30 17:10:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2010/09/30 17:10:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2010/09/30 17:10:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2010/09/30 17:10:32 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2010/09/11 07:41:12 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2010/09/11 07:14:38 | 000,150,767 | ---- | C] () -- C:\Windows\hpoins30.dat
[2010/09/01 17:27:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/01 17:27:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/01 17:27:25 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/08/30 06:25:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/28 15:47:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/28 14:49:24 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/28 14:10:08 | 000,003,653 | ---- | C] () -- C:\Windows\dhstatus.dat
[2010/08/28 13:41:16 | 000,003,456 | ---- | C] () -- C:\Windows\checkip.dat
[2010/08/28 11:11:15 | 000,082,670 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/28 11:11:12 | 000,082,670 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/28 10:46:15 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/08/28 10:46:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/08/28 10:32:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/08/28 08:46:14 | 000,239,104 | ---- | C] () -- C:\Users\Russel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/28 08:37:20 | 000,001,356 | ---- | C] () -- C:\Users\Russel\AppData\Local\d3d9caps.dat
[2010/08/28 08:26:01 | 000,001,627 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/26 20:18:12 | 000,086,183 | ---- | C] () -- C:\Windows\System32\dleecfg.dll
[2009/05/22 07:01:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleecuir.dll
[2009/05/22 07:01:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleecui.dll
[2009/05/22 06:59:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleeinsr.dll
[2009/05/22 06:59:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleecur.dll
[2009/05/22 06:59:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleejswr.dll
[2009/05/22 06:58:46 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleeinsb.dll
[2009/05/22 06:58:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleecub.dll
[2009/05/22 06:58:26 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleegrd.dll
[2009/05/22 06:58:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleecu.dll
[2009/05/22 06:57:48 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleeins.dll
[2009/05/22 06:44:36 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dleegcfg.dll
[2009/02/12 11:33:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dleesmr.dll
[2009/02/12 11:33:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\dleesm.dll
[2008/12/05 03:52:59 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2008/03/05 02:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleevs.dll
[2008/02/21 13:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 15:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/01/20 19:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/11/13 12:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 07:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:46:27 | 000,270,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/08/17 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\Absolute Software
[2011/08/18 00:57:09 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\AVG10
[2011/04/07 18:53:31 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\gtk-2.0
[2011/08/17 17:16:25 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\Mumble
[2011/01/08 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\Participatory Culture Foundation
[2011/04/07 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\PCF-VLC
[2011/01/24 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\PeerNetworking
[2010/09/30 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\SmartDraw
[2011/08/17 17:17:06 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\Smith Micro
[2011/08/18 00:08:50 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\Spotify
[2011/07/09 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\TeamViewer
[2010/08/28 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\TMP
[2011/07/22 09:01:39 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\TuneUpMedia
[2011/07/30 07:12:42 | 000,000,000 | ---D | M] -- C:\Users\Russel\AppData\Roaming\V715w
[2011/08/23 06:15:41 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/23 10:39:03 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D84845C9-3A7C-407A-AF2A-37CB8DA5ECEE}.job

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 8/23/2011 10:31:54 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Russel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.54% Memory free
7.18 Gb Paging File | 5.93 Gb Available in Paging File | 82.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 188.84 Gb Free Space | 66.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.11 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: KATIE-PC | User Name: Russel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E082D5-CC72-45F7-BDD9-CAFB688C7036}" = rport=137 | protocol=17 | dir=out | app=system |
"{01C3444B-AB37-4207-AF5C-30F5167B400F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0EA7EF22-B909-4916-BC3C-630FD95F76D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F069CB6-6010-40E0-84B2-D813A9B4047C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12DF021F-FA80-4422-9C8B-3028EB180B92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{300D9257-3B1B-4685-B20A-DE306BD76B68}" = lport=138 | protocol=17 | dir=in | app=system |
"{32D0FC9D-65FC-47D7-988B-6E488863EACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DF526FA-9540-4E04-A6A4-4C3BFDDF9FED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5510CC76-25B1-424C-92CC-E683EA06DEAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{55F6BA26-5EE7-4379-BB6D-F9BF1232A7C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A312598-0839-4ACA-BEA0-077C44F3BA56}" = lport=67 | protocol=17 | dir=in | name=dhcp server |
"{5C00CC63-B647-4722-85EA-A695691AB55C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6309EEA0-DEC6-47F3-897A-7AAB5F7ED438}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6668A353-0A70-4782-80B7-9241121FC3B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A7F11AC-8FCE-4286-A6A9-583798628875}" = lport=139 | protocol=6 | dir=in | app=system |
"{97652BD7-0A53-4133-B35F-A60E5FA07A77}" = lport=10243 | protocol=6 | dir=in | app=system |
"{985BF29A-3832-4252-B3D6-59082D6DC8B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{A8E94700-5725-4B32-B869-060B78ECE00A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B18909BC-A84A-4532-B82D-083050DA164E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B791ED8D-F91C-41EE-9428-58F693881240}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BAB1D72E-EF2D-463D-B222-23908007F2AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF3B000F-6BCD-441E-A8BC-C6698B39FFDC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C2B79082-A791-49FA-9B3C-97B360973F5A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB0ED77E-7A0F-47B0-B47B-4C8C879B2243}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D01B6056-839E-42A0-8C6A-52BC6115FDEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D32237FF-B2EF-4458-96CD-F0E5AB3DA433}" = rport=445 | protocol=6 | dir=out | app=system |
"{D845D4A1-554F-4430-9E50-C3EC1525B79D}" = lport=137 | protocol=17 | dir=in | app=system |
"{DCDFD09B-43EF-432D-8C30-A0B8EA4DBE97}" = rport=138 | protocol=17 | dir=out | app=system |
"{EEFE7075-6696-40D7-B659-736D1CF95A10}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{F0201D09-19B6-4213-9C13-303B1DA6CD50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F40DE82B-E016-44B5-8EF2-914E106CB855}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0237C5D7-65E2-47EC-8462-378F23D4628A}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\disp.exe |
"{04A60D0C-1FDF-4C3E-B0A7-80E830DD10EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0587CD5F-5999-4118-8FF9-FE4104ED4AA3}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{0AE8595D-C8D7-4DE6-8074-1134383B2608}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0D3D4D6F-71EE-4F17-94CF-D853A9D55797}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{0F66B48F-7689-4EF4-9263-19CF0E7C073F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{0FB68E6C-CC23-43F4-B96B-743D49F2584A}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\toc.exe |
"{131EEC1D-5F66-4CDF-BFF4-39B1BD901DD3}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\algcom.exe |
"{14749F8F-B063-4AC1-A76A-63F2779E0E01}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{16DB08F8-A7B1-409A-B73F-E36DE15FE679}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{180F15FB-E8F3-4907-A9B7-FAB7C9B17CD7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{183A5AD2-B706-49CB-8ADE-0113405FED21}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{190DFCC2-3E1B-42F0-B694-178836D9AE8F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1D4CB49E-CFD5-435D-9333-70C1281D6BF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{1F23479C-C691-4A35-8F44-B2749F6ECC46}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\toc.exe |
"{213A540B-7FB7-41FC-91BB-22E763D2512D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2396500F-84E6-4C39-A27B-C9D2B6977C79}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2B16DD79-ACDE-43D6-B05E-40B4A13A0A38}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{3547E887-A15F-48B4-B3E1-D7E7478A885E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{390323D8-F12B-49A5-830C-8C7AE8132610}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\disp.exe |
"{3953ABB3-F270-4661-9CAB-1CA66EB92C40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3B7FF22C-28E1-4EA6-BA62-530783D65373}" = protocol=6 | dir=in | app=c:\program files\aol 9.5a\waol.exe |
"{3C6B2146-F217-4755-8710-6983A5EEF355}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E823025-644E-45D0-AD6A-18F65456C3FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4372E4D9-E8C4-44D9-AE78-DA8B5AFDEAE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4499B4DE-5E39-4DFF-8FB2-7B66651580C9}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{4994182E-3F22-4CE1-88F1-165E04165F74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49AAF98B-BB54-4B3B-A27A-730957975E4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4A2C9BEE-7F3D-4154-9198-4EACC4F5DDA9}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{5047F5C8-2FE3-438C-81D4-5951DDF1E212}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{5070366A-663A-4FEF-B4AF-DF3E277A7A9D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1283032369\ee\aolsoftware.exe |
"{51D7A37A-E9D3-4A0A-B3D9-2FFD8CC5C9ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{53F00A38-3BE7-4065-816B-961033E49CC8}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\disp.exe |
"{56431A8A-51A6-49DC-BA01-336CC76452F7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{5723A226-D753-4498-84F8-525510A27F84}" = protocol=17 | dir=in | app=c:\program files\aol 9.5a\waol.exe |
"{5A13E547-880E-462D-8A4E-174108074820}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5CAAF082-D822-4AA4-B593-72CF123B0EFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5CDFED28-DF2E-47F4-9FF8-7C7654B15686}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6618853A-949B-4E4C-901E-352DDC7F0365}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{67BB19B1-AC7B-491A-8DCD-FA2CBA109B34}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{6D80E1A7-1931-478B-BC35-2CA8061B8459}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6E7EFBA1-ABA6-4174-BB2E-FB1B38EE46F5}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{715FD139-6810-4AD4-BEF4-8D696BF6AD9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7428A3EC-AFD0-4959-8901-0617BE23C74A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78553E28-F946-4129-8433-95575D59604C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7A62E372-09A2-4F9D-8BEC-BA5C502A3ED9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7DCB7E8A-5FC4-48F3-818F-7CEC6A382889}" = protocol=6 | dir=out | app=system |
"{7E25A6A3-F66D-42BB-8649-E10DB1CA3EFE}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{825C75E3-1A8D-4494-BBA7-A51082E69D82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{82A8B601-E6B9-43A4-B389-E768B714D931}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{85A85A98-D8B7-498F-9164-FBD936EB5844}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{890624BB-F844-4A5F-8BB2-3D34E04A3327}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{8A9975AC-648E-4E00-83C1-3D962EC51423}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D1F3184-F649-467F-82EA-69C4463A9D9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EBFF800-F812-422C-BD7A-D367E3084590}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{8FD914B7-C960-45FB-A22A-60A63697672F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{90E554AD-1B2D-4A5A-9E9C-C67FE11F78C1}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"{975C0307-95D4-49C9-AAD4-6B7556772E95}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{98871CDF-5582-468C-ACA8-A37741AE19B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E110F88-140A-4415-8D20-7923B51D7B59}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\algcom.exe |
"{A455791D-F42A-40A9-A31A-6D5B0590B8AD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A4C4F856-4141-4BC9-9E9C-97F33A3E1A46}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A73CB121-9A4B-480D-BBE2-2E2533368B28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A94B24CC-7C88-4B6F-BF5C-D2F1C11FCE0A}" = protocol=6 | dir=in | app=c:\program files\dell v715w\dleefax.exe |
"{AC35FAEC-D310-40F3-BBEE-B70D41858275}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\algcom.exe |
"{AD6A82A4-DE1E-4D85-B484-DC6D47EF24B7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{B1A738C5-CDA1-4A7F-A438-E957A0037262}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{B5FD01F7-E47B-4216-BB9B-33C93B0C5FC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{B631D84A-E018-4008-AE72-58784BBDFE6F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B7276B7C-24A9-47D8-B8BC-9C8AA21D2089}" = dir=in | app=e:\setup\hpznui01.exe |
"{B86469DD-A4D9-40B3-B492-09A92AEAF506}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0068834-7CA6-472D-88CF-8E2CBCA2FAD3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C1ED9D67-0529-41F2-92E8-A3B754BA3A79}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\toc.exe |
"{C598EBE2-46AD-4260-852B-4A59873A82BA}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"{C99B768E-D932-4870-A7C7-7CA8C792BB9C}" = protocol=17 | dir=in | app=c:\program files\dell v715w\dleefax.exe |
"{C9C5BF59-7192-48EE-864F-9788EBFE8EEF}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\toc.exe |
"{D470E473-2232-486F-9BF8-5DB9BDF8F815}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{D6650924-3EC3-4E1A-A8F7-B271F57C78C6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{D6A39035-8520-4F61-85D5-B1A5C6D7FA45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D928C870-23F7-46A5-A631-CBAB46F185BC}" = protocol=6 | dir=in | app=c:\program files\hawkes learning systems\pre\common\algcom.exe |
"{DD1DAD81-0615-4EB8-A481-7D3B6307BAB6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFE393FE-515A-4818-8E63-AB940D68349F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0FDB95A-BD3C-49EE-8AA4-0F98D8271FA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{E6057216-EC90-4CF0-8B5A-5992702DC52D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E64BC4D8-83B5-4ECA-AA5B-53C4CE182D21}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{E92C5A72-26B9-43FC-8823-BFC68AD628B0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1283032369\ee\aolsoftware.exe |
"{EEE3BB72-D31E-47B0-80C4-CA166B7C60F8}" = protocol=17 | dir=in | app=c:\program files\hawkes learning systems\pre\common\disp.exe |
"{F36455B7-0D90-4CFA-8E2A-15B4708D5736}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F992F5A1-70BC-4849-B1BC-00A091475341}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA5EAA3E-4E73-4ED2-966E-C15488BC3E92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA7D8526-32AE-49F1-B279-23065F490570}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FD8D5784-B842-4792-8E72-4255E74F616F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"{FEE75B27-048A-4616-94D1-3F1F4925B5E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{FF6BB4EB-6A6A-4686-885F-6E11033C39C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{1B454228-A125-442F-9BD6-495D8F8765A1}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"TCP Query User{3193681B-9F17-4689-9B8D-EB42173E41E2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{66208F46-9005-4554-BF96-4FB030B6C231}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{8768C970-0188-4DA0-9FC6-A9350B7F7B83}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{B7E0487F-015F-451A-AC6A-ED5E67079BB7}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C670D2A8-AF03-4344-A71A-7F8586F76CFC}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{C9653D3F-8F1B-4F52-9E2A-2B58326B65ED}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{124315D6-0199-4981-81AE-00A6D2C40A44}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{30B11CDC-FA0B-4211-9AF2-57F49452743D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{3CF38508-5DCF-4628-9781-E8F8776C0BBF}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{65A9C4A7-C132-4E39-84B2-3FE77AD2F79D}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{C8465212-E7F5-4375-82B9-A32FDCED3A62}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{CC83B211-9089-4F90-A858-337915BBCA69}C:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"UDP Query User{DD3EBAE4-CE38-4646-AF8F-91BD52B62316}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FF660F4-147B-48CB-B824-2B595759D9EF}" = VZAccess Manager
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{629CCE02-041D-4577-892C-577861181771}" = Verizon Wireless USB760 Firmware Updates
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AAAB3CD0-92DF-49A8-A14F-A55B8F6D5B93}" = Prealgebra
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F874A799-5EF4-42C4-BE1C-F90D260A109F}" = Remote Desktop Connection
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell V305" = Dell V305
"Dell V715w" = Dell V715w
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miro" = Miro
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"Prealgebra (Fall 2010 Student)" = Prealgebra (Fall 2010 Student)
"Shop for HP Supplies" = Shop for HP Supplies
"Spotify" = Spotify
"TuneUpMedia" = TuneUp Companion 2.2.1
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Unread postby diver79 » August 25th, 2011, 4:51 pm

Hi buildmeup,

We will use a custom OTL script to remove the undesirable entries in the log. First we need to turn on System Restore and create a backup.


Step 1 - Create a System Restore Point
  • Click on the Start Button (Lower left hand corner of screen).
  • Right-click on Computer ... select Properties.
  • In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select System Protection ...then choose Configure.
  • Make sure the following option is selected; Restore System settings and previous versions of files. Press the OK button.
  • Now press the Create button.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.



Step 2 - Run OTL Script
  • Right click on OTL.exe and select Run as Administrator.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {e83f6adf-e409-47b2-8186-1fe53e0b6ce5}:1.0
    [2011/08/17 17:17:06 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/08/17 17:16:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}
    [2011/08/17 17:16:18 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com
    [2011/08/17 17:17:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [] File not found
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
    :Services
    srv1368
    :files
    C:\Users\Russel\AppData\Local\d370ib50k8d5s35bk41t72fyy28xc84
    C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Step 3 - GooredFix
Please download GooredFix...by jpshortstuff. Save it to your desktop.
Alternate download site.
  1. Ensure all Firefox windows are closed.
  2. Right-click GooredFix.exe... select Run As Administrator. If UAC prompts, allow it.
  3. When prompted to run the scan, click Yes.
    GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  4. Please copy and paste the contents of the GooredFix.txt file in your next reply.


For your next reply.
  • OTL log
  • GooredFix log
  • Are you still experiencing redirects?
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: HELP! Being redirected from google.

Unread postby buildmeup » August 25th, 2011, 5:20 pm

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: {e83f6adf-e409-47b2-8186-1fe53e0b6ce5}:1.0 removed from extensions.enabledItems
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}\defaults\preferences folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}\defaults folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}\chrome folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5} folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.
C:\Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\searchtoolbar@zugo.com folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service srv1368 stopped successfully!
Service srv1368 deleted successfully!
========== FILES ==========
C:\Users\Russel\AppData\Local\d370ib50k8d5s35bk41t72fyy28xc84 moved successfully.
C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Russel
->Temp folder emptied: 111484616 bytes
->Temporary Internet Files folder emptied: 6374544 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97579498 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6354 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5468 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118710221 bytes
RecycleBin emptied: 12507 bytes

Total Files Cleaned = 319.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08252011_140316

Files\Folders moved on Reboot...
C:\Users\Russel\AppData\Local\Temp\HPV74E4.tmp.vdf moved successfully.
C:\Users\Russel\AppData\Local\Temp\HPV74E5.tmp.vdf moved successfully.
C:\Users\Russel\AppData\Local\Temp\HPV764D.tmp.vdf moved successfully.
C:\Users\Russel\AppData\Local\Temp\HPV7B81.tmp.vdf moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZC9PNZX\api[4].htm moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZC9PNZX\api[5].htm moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYV9PWVU\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYV9PWVU\list-item-plus[1].png moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7YGJBV4\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C19BWPW\background-banner-right-v45[1].jpg moved successfully.
C:\Users\Russel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C19BWPW\background_button_green_full[1].png moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:12 on 25/08/2011 (Russel)
Firefox version 3.6.20 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:09 28/08/2010]

C:\Users\Russel\Application Data\Mozilla\Firefox\Profiles\a03y3ofd.default\extensions\
personas@christopher.beard [14:19 17/09/2010]
{20a82645-c095-46ed-80e3-08825760534b} [12:52 01/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:07 30/08/2010]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [14:21 11/09/2010]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03:40 22/08/2011]

-=E.O.F=-


I no longer seem to be being redirected! Running that code changed my Firefox persona, was this on purpose? It isn't a big deal, just curious.
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Unread postby diver79 » August 26th, 2011, 12:12 pm

Hi buildmeup,

buildmeup wrote: I no longer seem to be being redirected! Running that code changed my Firefox persona, was this on purpose? It isn't a big deal, just curious.
Good! Hopefully the redirection issue has been resolved now. We still have some work to do before we can be sure.

Changing the Firefox persona was not intentional. OTL may have removed it in order to process the script. You should still be able to add it back.

Let's run an Online scan to see if there are any other items needing attention.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable Avast Anti-Virus.
Right-click on the avast! icon in system tray.
Select avast! shields control
Select the option to disable Avast until the computer is restarted.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: HELP! Being redirected from google.

Unread postby buildmeup » August 26th, 2011, 2:09 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=064881a538dc9841bc5c3433881cc192
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-26 05:59:53
# local_time=2011-08-26 10:59:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 150984353 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=151061
# found=3
# cleaned=0
# scan_time=4895
C:\Users\Russel\Downloads\Miro_Installer.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08252011_140316\C_Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08252011_140316\C_Users\Russel\AppData\Roaming\mozilla\Firefox\Profiles\a03y3ofd.default\extensions\{e83f6adf-e409-47b2-8186-1fe53e0b6ce5}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm
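
Added example, not part of the original thread and not ESET's or OTL's own code: a Python sketch that parses an ESET Online Scanner log in the layout pasted above and separates detections still in place from copies already sitting under OTL's moved-files folder (C:\_OTL\MovedFiles in this thread). The field layout is inferred from the three detection lines in the post, and the sample log is constructed with placeholder paths.

```python
import re
from dataclasses import dataclass

# Folder where OTL parked the items it moved, as it appears in this thread's logs.
OTL_MOVED_PREFIX = "c:\\_otl\\movedfiles\\"

# Assumed layout (inferred from the post, not from ESET documentation):
#   <path> <detection name> <type> (<action>) <32 hex chars> <flag>
# Windows paths cannot contain "/", so the first token holding one starts the name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>[^\s\\]+/\S+)\s+"
    r"(?P<kind>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
LOOKS_LIKE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str
    name: str
    kind: str
    action: str
    parked: bool  # True when the file is under OTL's moved-files folder


def parse_eset_log(text):
    """Return (header dict, detections, path-like lines that failed to parse)."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"].strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            path = m["path"]
            detections.append(Detection(
                path, m["name"], m["kind"], m["action"],
                path.lower().startswith(OTL_MOVED_PREFIX)))
        elif LOOKS_LIKE_PATH.match(line):
            # A line that starts like a path but does not fit the layout:
            # surface it rather than silently dropping a possible detection.
            unparsed.append(line)
    return header, detections, unparsed


def triage(text):
    """Split detections into 'live' (still in place) and 'parked' (moved by OTL)."""
    header, detections, unparsed = parse_eset_log(text)
    warnings = []
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(detections):
        warnings.append(
            f"header says found={found} but {len(detections)} lines parsed")
    if header.get("end") != "finished":
        warnings.append("scan did not report end=finished")
    return {
        "live": [d for d in detections if not d.parked],
        "parked": [d for d in detections if d.parked],
        # remove_checked=false means the scan only reported, it removed nothing
        "report_only": header.get("remove_checked") == "false",
        "warnings": warnings,
        "unparsed": unparsed,
    }


# Constructed sample: detection names as in the thread, paths are placeholders.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# found=3
# cleaned=0
C:\Users\Example User\Downloads\example_installer.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08252011_140316\C_Users\Example User\extensions\{00000000-0000-0000-0000-000000000000}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08252011_140316\C_Users\Example User\extensions\{00000000-0000-0000-0000-000000000000}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print("still in place:", d.path, "->", d.name)
    for d in result["parked"]:
        print("already moved by OTL:", d.path, "->", d.name)
    for w in result["warnings"]:
        print("warning:", w)
```
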

Re: HELP! Being redirected from google.

Unread postby diver79 » August 27th, 2011, 10:44 am

Hi buildmeup,

Looking good, we are almost there. Follow the instructions below to clean up the remaining files.

Step 1 - Run OTL Script
We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :files
    C:\Users\Russel\Downloads\Miro_Installer.exe
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Step 2 - Clean up with OTL
This will remove all the tools we used to clean your PC.
  • Right click on OTL.exe and select Run as Administrator
  • Close all other programs as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any other tools we used if they remain on your Desktop.

You should now be all clean. Congratulations!
Please show me the log from OTL in your next post so I can be sure. Below are some additional steps you may want to read to help safeguard your machine from further infection.

Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: HELP! Being redirected from google.

Post by buildmeup » August 27th, 2011, 10:49 pm

========== FILES ==========
C:\Users\Russel\Downloads\Miro_Installer.exe moved successfully.
File\Folder [CLEARALLRESTOREPOINTS] not found.
File\Folder [REBOOT] not found.

OTL by OldTimer - Version 3.2.26.5 log created on 08272011_193443
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Post by buildmeup » August 27th, 2011, 10:50 pm

Hopefully my computer is clean now, it seems to be running great, and I am no longer being redirected when doing a search. Thanks for all of the help, these forums are amazing! :D
buildmeup
Active Member
 
Posts: 8
Joined: August 18th, 2011, 7:22 pm

Re: HELP! Being redirected from google.

Post by diver79 » August 29th, 2011, 4:15 pm

Hi buildmeup,

buildmeup wrote: Hopefully my computer is clean now, it seems to be running great, and I am no longer being redirected when doing a search. Thanks for all of the help, these forums are amazing! :D
You're very welcome. Glad I could help. Just one more thing to do before we close this post.

There was an error in the OTL script I asked you to run. OTL did not clear all of the old infected restore points. Please follow the instructions below to remove these. Once done we can close this topic.

Reset System Restore Points
  • Go to Start, Control Panel, and click the System icon in the Control Panel.
  • In the left pane click on System Protection.
  • When the Dialog comes up, click on the System protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click the Create Button to create a new restore point. In the Name dialog, type a descriptive name and click Create.
  • You will get a message that the Restore Point was created successfully. Click Close.
  • Click OK and close the System window in the Control Panel.
--------------------------------------
  • Go to Start, All programs, Accessories, System Tools, Disk Cleanup.
  • Choose the drive letter where Windows is located (usually C:), and click OK.
  • After it scans, click on Clean up System files
  • Again, choose the drive letter where Windows is located (usually C:), and click OK.
  • After it scans, choose the More Options tab
  • Under "System Restore and Shadow Copies", click Clean up
  • It will ask if you are sure you want to delete all but the most recent restore point. Click Delete.
  • Click OK and verify that you want to delete the files.
The Utility will clean up the Restore points.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm