Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Hijack searchnu......com/410

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 23rd, 2012, 2:03 pm

Here is the OTL log:

All processes killed
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=410&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Owner\My Documents\ZDP16086.TMP deleted successfully.
Unable to delete ADS C:\Documents and Settings\Owner\Desktop\hs_err_pid1504.log: SummaryInformation .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-17-Nov-2011-23-41-21-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-08-Sep-2011-04-42-14-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-31-Dec-2011-15-40-57-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-12-Nov-2011-20-32-25-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-17-57-39-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-09-Sep-2011-17-27-09-GMT folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1ddqxcri.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess\40AFCBF9BB01CD01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 6806334 bytes
->Temporary Internet Files folder emptied: 11036478 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 271250016 bytes
->Flash cache emptied: 4132 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 276.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.1 log created on 03232012_122720

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\CVHLauncher(20120321134645C9C).log moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_5b0.dat not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm
Advertisement
Register to Remove

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 23rd, 2012, 5:17 pm

Dear mambass,

I could not run a scan w/OTL as administrator. I do not have a password for the administrator. I never assigned a password to the administrator and neither did the folks who built my computer. I called them to be sure. I would leave the password box blank and it would not let me run as "admin" I ran it the normal way, with those options checked. I left my desk for a bit and when I returned I had the following error message.

Header box said: WINDOWS - NO DISK

then in box it said: Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

My choices were cancel, try again and continue none of which worked so I closed the box with the little x at the top right corner. The scan then proceeded to finish.

Here is the OTL.txt log:
OTL logfile created on: 3/23/2012 1:56:28 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 125.55 Mb Available Physical Memory | 24.55% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 2.86 Gb Free Space | 37.99% Space Free | Partition Type: FAT32

Computer Name: OWNER-CFB93CB1D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 23:09:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/03/20 22:30:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/06 12:41:18 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/26 02:56:20 | 004,950,152 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/14 08:55:15 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/23 05:55:55 | 001,747,968 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032301\algo.dll
MOD - [2012/03/20 22:30:20 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 04:31:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 04:23:26 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 04:19:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 04:04:51 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/01/11 04:13:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/13 03:23:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/26 02:56:20 | 004,950,152 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/09/26 02:56:00 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/09/26 02:55:58 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/09/26 02:55:58 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/05/16 10:38:05 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/02/14 08:55:15 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/06 11:48:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/10/01 09:30:42 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,209,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,584,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 13:00:42 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc) Intel(r) 82801DB/DBM Audio Driver Service (WDM)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\..\SearchScopes\{9CB38A67-DD67-4796-87FA-65C0AC4E1609}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 09:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/02/25 12:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/02/26 04:02:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 09:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/20 22:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/23 13:38:26 | 000,000,000 | ---D | M]

[2012/03/23 13:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/23 13:23:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/06/27 10:20:06 | 000,000,000 | ---D | M] (Techinline Remote Desktop Client) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1DDQXCRI.DEFAULT\EXTENSIONS\REMOTEDESKTOPCLIENT@TECHINLINE.COM
[2012/03/20 22:30:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/23 11:37:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/03/23 13:23:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/04 19:23:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/04 19:23:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/17 06:37:26 | 000,435,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14977 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003..\Run: [TaskScheduler] C:\ProWin10\32bit\TaskSch.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\MS Excel 2000\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5303713109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab (ClientPlugin Object)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{604B4926-0420-46D8-8133-071FF1F46D11}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O18 - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/13 10:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell - "" = AutoRun
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##goody#Goody#Windows Updates#0427\Shell\AutoRun\command - "" = Z:\UpdateInstaller.exe
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell - "" = AutoRun
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03fced0c-bab1-11e0-9b01-000c6ef39663}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/23 13:23:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/23 13:23:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/23 13:23:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/23 13:23:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/20 23:24:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/20 23:24:47 | 000,000,000 | ---D | C] -- \_OTL
[2012/03/20 23:09:23 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/20 22:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/20 22:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/20 22:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/03/20 22:43:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/18 13:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2012/03/12 23:12:12 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX
[2012/03/12 23:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Audio Pack
[2012/03/12 23:11:43 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2012/03/12 23:11:43 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2012/03/12 23:11:43 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2012/03/12 23:11:43 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2012/03/12 23:11:42 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2012/03/12 23:11:42 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2012/03/12 23:11:42 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2012/03/12 23:11:41 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2012/03/12 23:11:41 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2012/03/12 23:11:41 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2012/03/12 23:11:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2012/03/12 23:11:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2012/03/12 23:11:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2012/03/12 23:11:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2012/03/12 23:11:34 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2012/03/12 23:11:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2012/03/12 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012/03/12 09:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\QBBackupTemp Mon, Mar 12 2012 09 09 41 AM
[2012/03/10 09:08:46 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/10 09:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/10 09:08:45 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/10 09:08:42 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/10 09:08:41 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/10 09:08:40 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/10 09:08:38 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/10 09:08:38 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/10 09:08:38 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/10 09:06:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/10 09:06:52 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/10 09:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/10 09:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/02 01:35:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2012/02/29 04:32:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2012/02/29 04:10:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/29 04:10:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/29 04:06:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/26 04:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/25 14:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2012/02/25 12:47:48 | 000,125,440 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l02t.dll
[2012/02/25 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/25 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012/02/25 12:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/25 12:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012/02/25 12:45:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/25 12:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/02/25 12:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/02/25 12:44:04 | 000,454,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2012/02/25 12:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP

========== Files - Modified Within 30 Days ==========

[2012/03/23 13:23:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/23 13:23:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/23 13:23:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/23 13:23:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/23 13:23:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/23 12:59:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 12:57:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 12:57:54 | 536,383,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/23 08:13:19 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW.ND
[2012/03/23 08:13:18 | 023,937,024 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW
[2012/03/23 08:13:18 | 000,851,968 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\TO YOUR HEALTH SPROUTED BREAD & FLOUR CO., INC.QBW.TLG
[2012/03/20 23:30:22 | 003,506,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/20 23:09:34 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/20 22:48:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/20 22:43:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/03/20 22:39:25 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/03/16 21:16:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 12:36:24 | 000,437,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meinhardt.10i
[2012/03/14 03:32:47 | 000,502,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 03:32:47 | 000,088,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/12 23:13:13 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012/03/12 23:13:11 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012/03/12 23:13:09 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012/03/12 23:13:07 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Easy Audio Cutter.lnk
[2012/03/12 23:13:03 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free CD Ripper.lnk
[2012/03/12 23:12:57 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Free Mp3 Wma Converter.lnk
[2012/03/12 22:39:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/12 22:37:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/03/12 08:18:39 | 012,049,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QDF
[2012/03/12 08:18:39 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QEL
[2012/03/12 08:18:39 | 000,055,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.QSD
[2012/03/12 08:14:09 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2012/03/12 08:13:58 | 000,001,447 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/03/12 08:13:22 | 001,111,868 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.IDX
[2012/03/10 09:08:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/10 09:08:39 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/02/29 04:32:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/25 12:49:23 | 000,189,177 | ---- | M] () -- C:\WINDOWS\hpwins23.dat
[2012/02/24 17:21:35 | 000,006,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZbThumbnail.info
[2012/02/24 17:10:51 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/03/20 22:48:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/03/20 22:39:22 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2012/03/12 23:13:11 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk
[2012/03/12 23:13:09 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2012/03/12 23:13:08 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2012/03/12 23:13:06 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Easy Audio Cutter.lnk
[2012/03/12 23:13:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free CD Ripper.lnk
[2012/03/12 23:12:54 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Free Mp3 Wma Converter.lnk
[2012/03/12 23:11:44 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2012/03/12 23:11:31 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/03/12 22:39:30 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/12 08:13:22 | 001,111,868 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\QDATA11.IDX
[2012/03/10 09:08:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/02/29 04:31:37 | 000,813,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/25 12:46:43 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/02/25 12:45:48 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2012/02/25 12:41:13 | 000,189,177 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2012/02/25 12:41:13 | 000,001,501 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2012/02/16 01:17:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 20:54:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/19 22:26:28 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/08/09 08:45:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/02 10:56:19 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2011/07/27 10:09:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/23 10:30:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/22 20:48:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/29 08:35:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/05/27 12:49:49 | 000,020,280 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/20 08:00:27 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 15:47:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/05/19 13:55:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/05/19 13:39:04 | 000,001,447 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/13 11:11:04 | 536,383,488 | -HS- | C] () -- \hiberfil.sys
[2011/05/13 10:38:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/13 10:35:55 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011/05/13 10:35:55 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011/05/13 10:35:55 | 000,000,000 | ---- | C] () -- \CONFIG.SYS
[2011/05/13 10:35:55 | 000,000,000 | ---- | C] () -- \AUTOEXEC.BAT
[2011/05/13 10:32:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/13 05:20:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/13 05:19:33 | 003,506,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 05:18:44 | 000,000,211 | -HS- | C] () -- \boot.ini

========== LOP Check ==========

[2012/03/23 12:27:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2012/03/23 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2012/02/13 11:21:28 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents
[2011/05/16 10:45:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
[2011/05/13 05:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favorites
[2011/07/27 22:51:27 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/13 05:20:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Templates
[2011/11/28 11:14:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2011/05/13 10:38:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Default User\Cookies
[2011/05/13 05:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Desktop
[2011/05/13 05:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Favorites
[2011/05/13 05:20:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Local Settings
[2011/05/13 05:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\My Documents
[2011/05/13 05:20:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\NetHood
[2011/05/13 05:20:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\PrintHood
[2011/05/13 05:20:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Recent
[2011/05/13 10:34:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\SendTo
[2011/05/13 05:20:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Default User\Start Menu
[2011/05/13 10:32:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Templates
[2011/12/19 20:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2011/05/13 10:39:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Cookies
[2011/05/13 10:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Local Settings
[2011/05/13 10:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2011/05/14 11:03:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Cookies
[2012/03/02 01:35:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/05/13 10:39:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Local Settings
[2012/03/18 13:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\AppData
[2012/03/20 23:26:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2012/03/22 12:49:41 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Cookies
[2012/03/22 12:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Desktop
[2011/05/17 10:25:43 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Favorites
[2012/02/29 04:32:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\IETldCache
[2011/05/20 08:05:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Local Settings
[2012/03/23 12:27:38 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\My Documents
[2011/05/19 19:32:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\NetHood
[2011/05/13 05:20:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\PrintHood
[2012/03/23 13:46:19 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Recent
[2011/05/13 11:11:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\SendTo
[2011/07/27 22:49:51 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Start Menu
[2011/05/13 10:32:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Templates
[2011/05/13 11:21:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\UserData

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\hs_err_pid1504.log:SummaryInformation

< End of report >
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 23rd, 2012, 5:19 pm

Here is the Extra.txt:

OTL Extras logfile created on: 3/23/2012 1:56:29 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.47 Mb Total Physical Memory | 125.55 Mb Available Physical Memory | 24.55% Memory free
1.22 Gb Paging File | 0.72 Gb Available in Paging File | 59.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
Drive E: | 7.52 Gb Total Space | 2.86 Gb Free Space | 37.99% Space Free | Partition Type: FAT32

Computer Name: OWNER-CFB93CB1D | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0FFD15DD-B6B7-4F1E-8764-9DD1FED7DC0A}" = ProSeries User's Guide 2010
"{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
"{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{779C40FF-9211-427B-A5C4-2026B85A1033}" = Nero 7 Essentials
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = VirtualDJ Toolbar
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = MovieEdit Task
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HTC_WModemDriver" = WModem Driver Installer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProSeries 2010" = ProSeries 2010
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-963894560-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = VirtualDJ Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 8:50:19 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2012 11:06:45 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/22/2012 1:41:00 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/22/2012 1:41:00 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/22/2012 1:41:00 PM | Computer Name = OWNER-CFB93CB1D | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/23/2012 2:55:19 PM | Computer Name = OWNER-CFB93CB1D | Source = Application Error | ID = 1000
Description = Faulting application otl.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 3/21/2012 2:36:45 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service
to connect.

Error - 3/21/2012 2:36:45 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 3/23/2012 1:27:23 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 3/23/2012 1:27:23 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/23/2012 1:27:23 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/23/2012 1:27:23 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The QBIDPService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2012 1:27:24 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/23/2012 1:27:24 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/23/2012 1:27:25 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2012 1:27:26 PM | Computer Name = OWNER-CFB93CB1D | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby mambass » March 24th, 2012, 8:11 am

Hi Catherine, :)

Your logs look much better now, i just need you to run a couple of scans to check for leftovers.

  1. Download and run Malwarebytes Anti-Malware (Free for non-business use)
    1. Please hold down Ctrl then click here to open a new Malwarebytes window and then click on Download in the Free column.
    2. If a c/net download page is displayed then click on Download Now whereas if a Major Geeks page is displayed click on the Official Mirror button. In either case save the installer to your Desktop.
    3. You should now have a desktop icon named mbam-setup-(version).exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
    4. Double click it to run the installer.
    5. Let it install where it wants to, with the default settings, and click Finish.
    6. If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    7. If necessary, start Malwarebytes Anti-Malware again.
      (You can Decline any Offer for a Trial if you don't want the paid version)
    8. Once the program has started up, select Perform Quick Scan, then click Scan.
    9. When the scan is complete, click OK, then Show Results to view the results.
    10. If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    11. When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    12. The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.


  2. ESET online scannner
    1. Please disable any Antivirus you have active, as shown in This Topic.
    2. Hold down Ctrl then click on the following link to open a new window to ESET online scannner
      • If Internet Explorer is being used then check Yes, I accept the Terms of Use and then click the Start button.
        Allow the ESET Scanner Active-X component to be installed if asked and click the Retry button if prompted to restart the download.

      • If a browser other than Internet Explorer is being used then click the esetsmartinstaller_enu.exe link and save the installer to your Desktop.
        Double-click on the installer to run it.
        Check Yes, I accept the Terms of Use and click the Start button.
    3. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    4. Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    5. Now click on Start.
    6. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    7. When completed the Online Scan will begin automatically.
    8. Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    9. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    10. Now click on Finish.
    11. Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    12. Copy and paste that log as a reply to this topic.
    13. Re-enable your Antivirus software.

  3. Malware symptoms?
    Please indicate in your reply if you're experiencing any malware symptoms at this point.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The contents of the Malwarebytes log.
  3. The contents of the ESET log.
  4. An indication of any malware symptoms that may be present on your system.


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 24th, 2012, 5:32 pm

Here is the Eset log:

C:\Documents and Settings\Owner\My Documents\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Documents and Settings\Owner\My Documents\Downloads\MusicnotesSuite.exe Win32/OpenCandy application
C:\System Volume Information\_restore{FA97C0BB-CFB8-4640-A6FA-DDBD2ED384B6}\RP274\A0057927.exe probably a variant of Win32/Adware.Softomate.AD application
C:\System Volume Information\_restore{FA97C0BB-CFB8-4640-A6FA-DDBD2ED384B6}\RP274\A0057943.exe Win32/OpenCandy application
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_232447\C_Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application

Here is the mbam log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-CFB93CB1D [administrator]

3/24/2012 1:08:16 PM
mbam-log-2012-03-24 (13-08-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182479
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks for your help. I had no idea this would take so long. I can tell my pc is faster already.

Catherine
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby mambass » March 25th, 2012, 10:06 am

Hi Catherine, :)

Catherine wrote:Thanks for your help. I had no idea this would take so long. I can tell my pc is faster already.
Unfortunately, no one tool detects all problems. We're almost done. :)

Please print these instructions because you will not have access to the Internet while performing some of the tasks below.

  1. MusicnotesSuite.exe
    The file C:\Documents and Settings\Owner\My Documents\Downloads\MusicnotesSuite.exe was identified by ESET as containing an infection. An individual scanner can at times falsely identify a file as being bad.
    • If you are not familiar with this file or do not care if it is removed from your system then I would recommend that you delete it, mention in your reply that you deleted it and then skip the VirusTotal scan instructions and move on to the OTL fix in Task II below.
    • If you would like to retain this file then please follow the VirusTotal scan steps below so that we can determine if it is indeed a bad file.

    Scan file using VirusTotal if you would like to keep it
    1. Goto www.virustotal.com
    2. Click the Choose File button then navigate to and double-click on the following file:
      Code: Select all
      C:\Documents and Settings\Owner\My Documents\Downloads\MusicnotesSuite.exe
      
    3. Click the Scan it! button. Your file will be uploaded and analyzed.
      • Note: If a message is displayed indicating that the file was already analyzed, click the Reanalyse button so that your copy of the file will be analyzed.
    4. Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
      Example of web address :
      Image

  2. Perform a Custom Fix with OTL
    1. Double-click the OTL icon on your Desktop to run the program.
    2. In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code: Select all
      :Files
      C:\Documents and Settings\Owner\My Documents\Downloads\CouponPrinter.exe
      
      :Commands
      [EMPTYTEMP]
      [CLEARALLRESTOREPOINTS]
      
      
    3. Close all running applications other than OTL.
    4. Click the Run Fix button at the top.
    5. Let the program run unhindered and reboot the PC when it is done.
    6. When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    7. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.


Please include in your reply:
  1. The text of any error messages and/or a description of any problems you encountered while performing these steps.
  2. The permalink (web address) of the VirusTotal scan if MusicnotesSuite.exe was not deleted.
  3. The contents of the OTL Fix log.


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 26th, 2012, 8:11 am

Dear mambass,

I hope you didn't think I was complaining about how long this is taking. I was and am amazed at the process. Had a performance yesterday so I could not work on this. I deleted the Music note file. Had no idea what it was. Kids! Here is the OTL fix it log:

All processes killed
========== FILES ==========
C:\Documents and Settings\Owner\My Documents\Downloads\CouponPrinter.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 302500 bytes
->Temporary Internet Files folder emptied: 7684356 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67726348 bytes
->Flash cache emptied: 684 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18728608 bytes

Total Files Cleaned = 90.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.1 log created on 03262012_070001

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\CVHLauncher(201203231303448A8).log moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby mambass » March 26th, 2012, 11:21 am

Hi Catherine, :)

Catherine wrote: I hope you didn't think I was complaining about how long this is taking. I was and am amazed at the process.
Some people can become frustrated with the process, especially when it goes on long after the malware symptoms have disappeared. Some of those people choose to abandon the thread at that point. It's not uncommon to see them back here or at another forum at some point down the road with some new infection. Our goal here is to stay with you until all malware has been removed from your computer, see that your computer is adequately protected against re-infection and to see that you have the information you need to keep it that way. I appreciate your staying with me here because we've reached that point. :)

Your computer appears to be clear of malware. Good job. :thumbup:

Please stay with me a bit longer because there are a few important things that we still need to do to cleanup and make sure that you don't get infected again.

Please print these instructions because you will need to close this browser window in a step below.

  1. Cleanup with OTL
    1. Close all windows/applications.
    2. Double-click the OTL on your Desktop.
    3. Click the CleanUp button in the OTL window. The cleanup will begin after which a dialog will be displayed indicating that a reboot is required.
    4. Click the OK button in the message window. The system will reboot.

  2. Stay clean
    The important thing now is to actively do things that will help keep you from getting infected in the future.

    1. Keep Antivirus and applications updated
      This is the MOST IMPORTANT thing that you can do to keep from becoming infected.
      • Keep Microsoft products up-to-date with the latest security patches. Either
        • Enable some level of Automatic Updates
          • Click Start > Control Panel. The Control Panel window will be displayed.
          • Double-click the System icon/entry. The System Properties window will be displayed.
          • Click the Automatic Updates tab.
          • Select the option which best fits your needs.
        • Or use Internet Explorer (not Firefox) to visit the Microsoft Update site on a regular basis.

      • I personally use and recommend the free Secunia Personal Software Inspector (PSI). This program will keep you aware of software that is installed on your computer that contains security vulnerabilities for which security patches exist. I have mine set to automatically scan my computer weekly.

      • All updates are important but pay particular attention to updates for all browsers as well as Microsoft, Java and Adobe products. These are widely-used products that Malware writers frequently target.

    2. Read and stay informed!

      To help minimize the chances of becoming re-infected, please read.
      Computer Security - a short guide to staying safer online

      If your computer is running slowly after your clean up, please read.
      What to do if your Computer is running slowly


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing! :)


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 26th, 2012, 4:32 pm

Dear mambass,

Thank you so much for your help. It has been an enlightening experience. I am most appreciative of the tips for staying clean. I started using Firefox instead of Internet Explorer because of virus problems, but no one ever told me to use IE to update. I was aware of the conflicts involved with having more than one anti-virus. I have Spybot Search and Destroy, should I uninstall. I don't have the teatimer executing upon start up. The last virus I got, the geeks who reformatted my hard drive installed C cleaner. Should it be deleted?

I am all for knowledge and prevention. I thank you again for all your help.

Yours,

Catherine :cheers:
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby mambass » March 27th, 2012, 7:09 am

Hi Catherine, :)

Catherine wrote:Thank you so much for your help.
You're quite welcome. And I, in turn, will thank the Teacher who assisted me with your logs. :)


Catherine wrote:I started using Firefox instead of Internet Explorer because of virus problems, but no one ever told me to use IE to update.
Also keep in mind that it's important that you keep Internet Explorer up-to-date with respect to all security patches even if it's not your primary browser since it is required for certain functions. ;)


Catherine wrote:I have Spybot Search and Destroy, should I uninstall.
There's no need to uninstall Spybot. It's fine.


Catherine wrote:The last virus I got, the geeks who reformatted my hard drive installed C cleaner. Should it be deleted?
There's no need to uninstall CCleaner however do not click the Registry button. This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


Do you have any other questions? :)


mambass
User avatar
mambass
Retired Graduate
 
Posts: 826
Joined: April 23rd, 2010, 9:26 am

Re: Browser Hijack searchnu......com/410

Unread postby mein12 » March 27th, 2012, 12:24 pm

Dear mambass,

No I do not have any other questions at this time. I am off to Florida for Spring Break. Thank you ever so much.

Yours,

Catherine :flower:
mein12
Regular Member
 
Posts: 16
Joined: March 13th, 2012, 10:48 pm

Re: Browser Hijack searchnu......com/410

Unread postby Cypher » March 27th, 2012, 12:41 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware