Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google links hijacked

pt 11

Post by tequilajusthitme » September 20th, 2011, 7:13 pm

[2011/05/30 17:37:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/30 17:37:02 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/05/30 17:37:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/05/30 17:37:02 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/05/30 17:37:02 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/05/30 17:37:02 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/05/30 17:37:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/05/30 17:37:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/05/30 17:37:02 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/05/30 17:37:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/05/30 17:37:02 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/05/30 17:37:02 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/05/30 17:37:02 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/05/30 17:37:02 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/05/30 17:37:02 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/30 17:34:04 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/05/30 17:34:03 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/05/30 10:52:11 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/30 10:52:03 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/30 10:52:03 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/25 06:39:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/24 21:20:25 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/24 20:35:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF03726S6_E618250-001_4A_I1440_SHP_V67.33_F.27_T110324_WU4-0_L409_M5883_J500_7AMD_8F53_92.00_#110524_N168C002B;10EC8168_(WG457AV)_XMOBILE_CN10_Z.MRK
[2011/05/24 20:35:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF03726S6_E618250-001_4A_I1440_SHP_V67.33_F.27_T110324_WU4-0_L409_M5883_J500_7AMD_8F53_92.00_#110524_N168C002B;10EC8168_(WG457AV)_XMOBILE_CN10_Z.MRK
[2011/05/24 20:33:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2011/05/24 20:32:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/24 17:59:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/05/24 16:19:43 | 000,000,619 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/24 16:19:43 | 000,000,619 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/05/24 03:40:05 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/05/24 03:37:54 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2011/05/10 08:06:08 | 004,517,664 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/05/03 22:25:03 | 002,315,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/05/03 22:22:25 | 002,223,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/05/03 22:22:25 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/05/03 22:22:24 | 000,491,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/05/03 22:22:24 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/05/03 22:22:24 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/05/03 22:19:28 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/05/03 22:19:28 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/05/03 21:34:43 | 001,549,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/05/03 21:32:02 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/05/03 21:32:01 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/05/03 21:32:01 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/05/03 21:32:00 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/04/22 15:15:29 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/04/20 19:02:28 | 000,017,720 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPMDPCoInst12.dll
[2011/04/20 19:02:22 | 000,030,008 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\hpdskflt.sys
[2011/04/20 19:02:16 | 000,030,520 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpservice.exe
[2011/04/20 19:02:08 | 000,020,792 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\accelerometerdll.DLL
[2011/04/20 19:02:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\Accelerometer.sys
[2011/04/19 22:10:34 | 000,061,952 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/19 22:10:22 | 000,053,760 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/04/19 22:10:18 | 000,051,712 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/19 22:10:14 | 016,116,224 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2011/04/19 22:10:02 | 012,385,280 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2011/04/19 19:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2011/04/19 19:30:16 | 022,900,736 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2011/04/19 19:09:44 | 000,165,296 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/04/19 19:09:18 | 000,151,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2011/04/19 19:09:04 | 000,676,864 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2011/04/19 19:07:46 | 000,795,648 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2011/04/19 19:07:02 | 017,693,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2011/04/19 19:05:08 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011/04/19 19:04:54 | 000,480,256 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/04/19 19:04:18 | 000,203,776 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/04/19 19:03:04 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/04/19 19:02:48 | 000,423,424 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2011/04/19 19:02:42 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2011/04/19 19:02:30 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2011/04/19 19:02:24 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/04/19 19:02:20 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2011/04/19 19:02:16 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2011/04/19 18:59:20 | 004,161,536 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2011/04/19 18:49:30 | 004,951,552 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2011/04/19 18:46:16 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2011/04/19 18:46:14 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2011/04/19 18:46:04 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2011/04/19 18:46:02 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2011/04/19 18:45:52 | 007,768,064 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2011/04/19 18:42:04 | 006,389,760 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2011/04/19 18:40:48 | 001,222,656 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2011/04/19 18:40:14 | 001,923,584 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2011/04/19 18:40:02 | 003,868,672 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2011/04/19 18:38:04 | 004,286,464 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2011/04/19 18:36:10 | 000,989,600 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/04/19 18:31:12 | 005,440,000 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2011/04/19 18:30:36 | 004,056,576 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2011/04/19 18:29:34 | 000,989,600 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/04/19 18:27:00 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/04/19 18:23:12 | 000,366,080 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2011/04/19 18:23:06 | 000,262,144 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2011/04/19 18:22:54 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2011/04/19 18:22:52 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2011/04/19 18:22:52 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2011/04/19 18:22:48 | 000,039,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2011/04/19 18:22:40 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2011/04/19 18:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2011/04/19 18:21:44 | 000,040,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2011/04/19 18:21:38 | 000,031,232 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2011/04/19 18:21:32 | 000,038,912 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2011/04/19 18:21:24 | 000,029,184 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2011/04/19 18:20:50 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2011/04/19 18:13:36 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2011/04/19 18:13:36 | 000,053,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2011/04/19 18:13:28 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2011/04/19 18:13:28 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2011/04/09 18:55:44 | 015,453,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2011/04/09 18:55:42 | 013,642,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 23:58:56 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/04/08 22:56:38 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/04/05 16:46:14 | 000,032,200 | ---- | M] () -- C:\Windows\atiogl.xml
[2011/03/24 20:29:14 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/03/24 20:28:59 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

========== Files Created - No Company Name ==========

[2011/09/19 21:29:34 | 011,634,160 | ---- | C] () -- C:\Users\Yuan\Desktop\metacom's rebellion doc.pdf
[2011/09/17 19:14:59 | 000,002,093 | ---- | C] () -- C:\Users\Yuan\Desktop\HijackThis.lnk
[2011/08/27 09:36:11 | 000,000,992 | ---- | C] () -- C:\Users\Yuan\Desktop\Deus Ex - Human Revolution.lnk
[2011/08/24 23:09:33 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 09:47:03 | 000,002,072 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Badminton Tournament Planner.lnk
[2011/08/10 09:47:03 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Badminton Tournament Planner.lnk
[2011/07/27 16:00:30 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/27 16:00:12 | 000,063,488 | RHS- | C] () -- C:\Windows\SysWow64\napipseck.dll
[2011/07/27 16:00:12 | 000,000,320 | -HS- | C] () -- C:\Windows\tasks\Doclnlowzf.job
[2011/07/19 16:20:50 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/07/14 23:52:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/29 17:06:39 | 000,000,600 | ---- | C] () -- C:\Users\Yuan\AppData\Roaming\winscp.rnd
[2011/06/19 19:47:04 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/06/19 19:46:50 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/06/18 16:57:49 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/06/12 15:54:42 | 000,002,032 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Yuuguu.lnk
[2011/06/11 21:48:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/11 20:58:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/06/04 23:47:11 | 000,001,935 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/06/04 23:46:19 | 000,000,373 | -H-- | C] () -- C:\IPH.PH
[2011/06/02 17:44:08 | 000,000,000 | -H-- | C] () -- C:\Users\Yuan\Documents\Default.rdp
[2011/05/30 21:22:34 | 000,001,260 | ---- | C] () -- C:\Users\Yuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 17:37:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/30 17:37:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/30 17:26:30 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011/05/30 17:26:18 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/05/30 17:25:01 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/05/30 17:24:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/05/30 17:24:56 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/05/30 17:24:47 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/05/30 17:24:47 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/05/30 10:52:04 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/30 10:52:03 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/30 10:52:03 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/30 09:43:39 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/30 09:43:38 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 06:39:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/24 23:07:54 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP SimplePass Identity Protection.lnk
[2011/05/24 22:50:27 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/05/24 22:50:27 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2011/05/24 22:50:27 | 000,002,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2011/05/24 21:37:32 | 000,001,103 | ---- | C] () -- C:\Users\Yuan\Desktop\Fallout Mod Manager.lnk
[2011/05/24 21:20:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/24 20:35:11 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF03726S6_E618250-001_4A_I1440_SHP_V67.33_F.27_T110324_WU4-0_L409_M5883_J500_7AMD_8F53_92.00_#110524_N168C002B;10EC8168_(WG457AV)_XMOBILE_CN10_Z.MRK
[2011/05/24 20:35:11 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF03726S6_E618250-001_4A_I1440_SHP_V67.33_F.27_T110324_WU4-0_L409_M5883_J500_7AMD_8F53_92.00_#110524_N168C002B;10EC8168_(WG457AV)_XMOBILE_CN10_Z.MRK
[2011/05/24 20:33:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2011/05/24 20:32:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/05/24 20:13:39 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/24 20:11:49 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/24 20:08:35 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/24 17:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/24 17:02:33 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160591773-696945102-3548745950-1000UA.job
[2011/05/24 17:02:31 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160591773-696945102-3548745950-1000Core.job
[2011/05/24 16:59:06 | 000,001,254 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/24 16:47:51 | 000,001,409 | ---- | C] () -- C:\Users\Yuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/24 16:46:37 | 000,000,290 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/24 16:46:37 | 000,000,272 | ---- | C] () -- C:\Users\Yuan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/24 16:19:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/24 16:19:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/24 16:15:03 | 331,534,335 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/19 22:10:34 | 000,061,952 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/19 19:09:44 | 000,165,296 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/04/19 18:36:10 | 000,989,600 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/04/19 18:29:34 | 000,989,600 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/05 16:46:14 | 000,032,200 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/07/13 09:39:49 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
[2011/06/04 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\acccore
[2011/05/24 23:11:58 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\DigitalPersona
[2011/07/06 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\DVDVideoSoft
[2011/07/06 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/23 21:55:15 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\ooVoo Details
[2011/09/03 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\redsn0w
[2011/09/17 19:06:25 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\uTorrent
[2011/05/30 11:00:20 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\Windows Live Writer
[2011/06/12 16:28:20 | 000,000,000 | ---D | M] -- C:\Users\Yuan\AppData\Roaming\Yuuguu
[2011/09/19 17:20:43 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/09/19 17:20:43 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/09/20 14:33:15 | 000,000,320 | -HS- | M] () -- C:\Windows\Tasks\Doclnlowzf.job
[2011/08/22 09:05:42 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/20 14:37:04 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\YUAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/09/14 02:41:54 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\YUAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/09/14 02:41:54 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\YUAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/09/14 02:41:54 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\YUAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/09/14 02:41:54 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/30 17:37:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/30 17:37:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/30 17:37:02 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/30 17:37:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/30 17:37:02 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >
tequilajusthitme
Regular Member
 
Posts: 17
Joined: September 17th, 2011, 10:23 pm

extra.txt

Post by tequilajusthitme » September 20th, 2011, 7:14 pm

OTL Extras logfile created on: 9/20/2011 2:46:43 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Yuan\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 74.12% Memory free
11.49 Gb Paging File | 9.76 Gb Available in Paging File | 84.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.46 Gb Total Space | 213.28 Gb Free Space | 45.82% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 89.83 Mb Free Space | 90.72% Space Free | Partition Type: FAT32
Drive G: | 199.00 Mb Total Space | 165.30 Mb Free Space | 83.07% Space Free | Partition Type: NTFS

Computer Name: MINE_01 | User Name: Yuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F870E-BCF6-F19F-A154-B3488407F467}" = ccc-utility64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F6B7CB0-66D8-4B31-BF1F-D2318E58080E}" = HP SimplePass Identity Protection
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C30F9EF-5032-925C-1905-D87E8472EB85}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{A97CD0A7-2DF5-EDA0-4FF7-A3BF6CAE771B}" = AMD Fuel
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E34038BB-5358-3890-B5C8-37C5FE817806}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F340A3E-EB0F-4519-B177-787620714BF4}" = Badminton Tournament Planner
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AFBC2F3-D3F5-660A-A2AD-CAD3E8EDA1D7}" = CCC Help English
"{63953BA4-7F92-98F7-B99D-FEB4B7BF6905}" = Catalyst Control Center Localization All
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7753A3B2-E858-F0B3-3DD9-C027B16CBB81}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2616F7B-9E5B-7B21-EDB0-5659A5A4DDA1}" = Catalyst Control Center Graphics Previews Common
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E82FBDF4-8C89-4513-B8D8-23378MP4IPODs}_is1" = Solid MP4 to iPod Video Converter 1.3.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEF90494-3911-A844-2622-545BD4008231}" = AMD VISION Engine Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AVI To MP4 Converter_is1" = AVI To MP4 Converter 1.0
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Free Studio_is1" = Free Studio version 5.0.13
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 19900" = Far Cry 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 400" = Portal
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 8980" = Borderlands
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3160591773-696945102-3548745950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Hex Editor Neo 4.97
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2011 3:07:01 AM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/17/2011 3:07:01 AM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/17/2011 10:30:53 AM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/17/2011 10:30:53 AM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/17/2011 4:31:16 PM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/17/2011 4:31:16 PM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/17/2011 4:31:31 PM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/17/2011 4:31:31 PM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15615

Error - 9/17/2011 4:31:31 PM | Computer Name = MINE_01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15615

Error - 9/19/2011 8:53:34 PM | Computer Name = MINE_01 | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 14.0.835.163, time
stamp: 0x4e705488 Faulting module name: chrome.dll, version: 14.0.835.163, time
stamp: 0x4e705422 Exception code: 0xc0000005 Fault offset: 0x000524b7 Faulting process
id: 0x16a4 Faulting application start time: 0x01cc771329367486 Faulting application
path: C:\Users\Yuan\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Users\Yuan\AppData\Local\Google\Chrome\Application\14.0.835.163\chrome.dll
Report
Id: f6ee96fc-e322-11e0-bd96-dcffc1e0a47a

[ System Events ]
Error - 9/14/2011 6:42:45 PM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/14/2011 9:00:42 PM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/15/2011 1:55:43 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/15/2011 8:38:13 PM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/16/2011 12:40:02 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/17/2011 3:07:12 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/17/2011 4:31:00 PM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/18/2011 4:21:21 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/19/2011 1:43:27 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =

Error - 9/20/2011 2:03:16 AM | Computer Name = MINE_01 | Source = DCOM | ID = 10010
Description =


< End of report >
tequilajusthitme
Regular Member
 
Posts: 17
Joined: September 17th, 2011, 10:23 pm

sorry

Post by tequilajusthitme » September 20th, 2011, 7:15 pm

sorry for putting in so many partitions

Re: Google links hijacked

Post by askey127 » September 21st, 2011, 7:23 am

tequilajusthitme,
After you downloaded OTL, you decided to change the File Age from 30 days to 180 days before running the scan.
This produces a monster log, as you discovered. That's why the instructions read:
"Do not change any settings unless otherwise told to do so."

Where did you get the Enterprise Edition of Windows? It usually includes a Microsoft service contract to provide all maintenance.
It is not clear that our tools will be able to work properly on that version, since it is not normally found in home computers.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

µTorrent

Take extra care in answering questions posed by any Uninstaller.

Let me know when you have removed uTorrent, and tell me about your Windows version.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google links hijacked

Post by tequilajusthitme » September 21st, 2011, 6:16 pm

Thanks! My workplace has site licenses for a lot of software, so I decided to take advantage of it by installing Enterprise.

I have also removed utorrent.

Re: Google links hijacked

Post by askey127 » September 22nd, 2011, 8:51 am

If your workplace owns the licenses for this Enterprise software, they should be prepared to provide the support for it.
We will not be providing support for it here.
This thread will be closed.