Re-Directing When I Try to Update

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by clsgman » March 26th, 2010, 9:17 pm

Recently I cannot connect to Malwarebytes.org or safer-networking for updates. I get re-directed to the AOL Search page.

Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:29 PM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\AOL\1222568482\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1222568482\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.caldirectsecuredocs.com
O15 - Trusted Zone: http://www.ditechsecuredocs.com
O15 - Trusted Zone: http://www.ditechsecuredocs.net
O15 - Trusted Zone: http://ctest.elynx.net
O15 - Trusted Zone: http://forms.elynx.net
O15 - Trusted Zone: http://gmacforms.elynx.net
O15 - Trusted Zone: http://pro.elynx.net
O15 - Trusted Zone: http://secure.elynx.net
O15 - Trusted Zone: http://usign.elynx.net
O15 - Trusted Zone: http://webpost.elynx.net
O15 - Trusted Zone: http://www.gmacmsecuredocs.com
O15 - Trusted Zone: http://www.gmacmsecuredocs.net
O15 - Trusted Zone: http://www.gmamcsecuredocs.com
O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com
O15 - Trusted Zone: http://docs.swiftsend.com
O15 - Trusted Zone: http://loandocs.swiftsend.com
O15 - Trusted Zone: http://docs.swiftsend2.com
O15 - Trusted Zone: http://loandocs.swiftsend2.com
O15 - Trusted Zone: http://www.swiftview.com
O15 - Trusted Zone: http://www.wamuloandocs.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B5A54F-F341-41D2-93ED-CFEB96ED2901}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{34B5A54F-F341-41D2-93ED-CFEB96ED2901}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS3\Services\Tcpip\..\{34B5A54F-F341-41D2-93ED-CFEB96ED2901}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: whlayx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: geBuutUl - geBuutUl.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15425 bytes

Uninstall list

3D Windows XP Screen Saver
Acronis True Image Home
ACT! by Sage 2009 (11.0)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.3.1
AI RoboForm (All Users)
Amazon MP3 Downloader 1.0.3
AnswerWorks 5.0 English Runtime
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Auslogics BoostSpeed
AVG 9.0
AVI Splitter
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Browser Address Error Redirector
Capture NX 2
Cardiris 3.5 for Plustek OptiCard
CDBurnerXP
ClearType Tuning Control Panel Applet
Color Efex Pro 3.0 Complete
Color Efex Pro 3.0 Complete for Capture NX 2
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
coverXP (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Printer Software Uninstall
Dell Support Center (Support Software)
Dexter Screen Saver
Dfine 2.0
Diagnostics Utility
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Total Video Player 1.31
EPSON Printer Software
Exact Audio Copy 0.95b4
File Uploader
Financial Fate
FLAC 1.2.1b (remove only)
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
Free PDF to Word Doc Converter v1.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
ImTOO MPEG Encoder Platinum
iTunes
Java(TM) 6 Update 13
Magic ISO Maker v5.5 (build 0272)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
mkw Audio Compression Toolkit
Mozilla Firefox (3.5.8)
MozyHome Remote Backup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Music Tag Editor v1.61
Natural Color Pro
Nero 8
Nero Mega Plugin Pack
neroxml
Nikon Message Center
OGA Notifier 2.0.0048.0
Opanda IExif 2.3
Opanda PowerExif 1.2 Professional Trial
Photomatix Pro version 3.2.6
PhotoTune 3.0.1
PhotoWatermark Professional 7
Picasa 3
Picture Control Utility
Plustek OptiCard 820 Scanner
PowerDVD
Presto! ImageFolio 4
Quicken 2007
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Startup Delayer v2.3 (build 134)
SwiftView Viewer
Switch Sound File Converter
TBS WMP Plug-in
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC 9.0 Runtime
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Videora iPhone Converter 4.08
ViewNX
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Watermark Factory 2
WD Diagnostics
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WordPerfect Office 12
ZoneAlarm

Thank you in advance for your help, Rob.
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Post by MWR 3 day Mod » March 29th, 2010, 10:22 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Re-Directing When I Try to Update

Post by deltalima » March 30th, 2010, 4:30 am

Hi clsgman,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please also let me know if this machine is used for business purposes.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Re-Directing When I Try to Update

Post by clsgman » March 30th, 2010, 9:08 pm

Thanks for your assistance. Here are the OTL.txt and Extras.txt. The other will follow tomorrow. The scan takes over an hour and my computer froze. Will try again.
Computer not used for business.

OTL logfile created on: 3/30/2010 3:01:51 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Rob\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 71.98 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 165.39 Gb Free Space | 35.52% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 510.04 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOSTRO
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rob\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rob\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\AOL 9.1\idleproc.dll (AOL, LLC.)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (MSSQL$ACT7) SQL Server (ACT7) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (GoogleDesktopManager-010708-104812) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: askopensearch-VTS@ask.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.5
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/07 20:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/14 00:22:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/05 06:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 06:48:46 | 000,000,000 | ---D | M]

[2008/09/27 17:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
[2010/03/30 00:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions
[2010/02/22 20:19:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/07/25 18:16:28 | 000,000,000 | ---D | M] (Aero Fox Silver) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/01/09 19:23:31 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/07 23:54:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/27 19:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/09/10 22:35:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/29 17:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/25 18:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\askopensearch-VTS@ask.com
[2010/03/03 09:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\foxmarks@kei.com
[2010/03/18 19:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\personas@christopher.beard
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\browser\extensions
[2009/07/25 18:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2010/03/30 00:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/12 01:06:07 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/17 18:37:57 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/04/14 17:13:25 | 000,742,088 | ---- | M] (SwiftView, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npsview.dll
[2008/12/24 00:14:41 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/03/26 20:32:11 | 000,379,612 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13104 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab (Pure Networks Security Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (whlayx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/11/26 21:39:06 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2009/08/19 05:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3c76b41a-4663-11de-93af-00038a000015}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{3c76b41a-4663-11de-93af-00038a000015}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 11:07:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/27 20:47:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/27 20:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/27 19:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\QuickScan
[2010/03/27 16:40:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/27 16:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\mbam-installer
[2010/03/26 23:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AskBardis
[2010/03/26 20:30:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 20:30:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 20:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 15:56:02 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\nlssrv32.exe
[2010/03/25 15:56:02 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\ASTSRV.EXE
[2010/03/22 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/21 19:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\Temp
[2010/03/21 19:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/14 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\m-brooklyn-a
[2010/03/14 16:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\m-brooklyn-b
[2010/03/14 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx_files
[2010/03/13 14:45:32 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 21:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD
[2010/03/10 22:38:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 20:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Escape.From.New.York.1981.WS.DVDRip.XviD.iNT-EwDp
[2010/03/06 00:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\AVS4YOU
[2010/03/06 00:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/03/06 00:23:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/03/06 00:23:05 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/03/06 00:23:05 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/03/06 00:23:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/03/06 00:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/06 00:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/03/01 16:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/01 16:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/01 16:47:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/01 16:47:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/01 19:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2009/11/15 21:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/12/01 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/12/01 20:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/11/21 19:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 14:58:21 | 000,000,785 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 14:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 10:26:45 | 058,253,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/30 10:22:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 10:22:27 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/30 10:21:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/30 10:20:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 10:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 10:20:40 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/30 10:16:02 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Rob\NTUSER.DAT
[2010/03/30 10:16:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob\ntuser.ini
[2010/03/30 00:07:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat
[2010/03/29 23:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/29 22:40:44 | 000,005,084 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/29 22:40:44 | 000,003,584 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/03/28 14:13:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/27 09:24:08 | 001,099,440 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\p2pwt1A9k.exe
[2010/03/26 20:32:11 | 000,379,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/26 20:30:06 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 19:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/03/26 18:48:52 | 000,118,573 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\livepreview.aspx
[2010/03/26 18:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 07:33:12 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 20:03:55 | 000,017,181 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\BJ's Trial Membership.gif
[2010/03/21 12:09:06 | 000,011,246 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Seder List of Foods.docx
[2010/03/20 13:57:31 | 024,008,590 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Samsung LN32B360.pdf
[2010/03/18 19:25:01 | 002,716,750 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\banner 2.pdf
[2010/03/15 22:09:22 | 000,114,491 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Letter_to_Kaplan.pdf
[2010/03/14 12:27:46 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/03/14 10:43:14 | 000,593,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 10:43:14 | 000,492,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 10:43:14 | 000,090,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 00:09:36 | 000,064,185 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx.htm
[2010/03/13 15:01:58 | 000,044,208 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\RobertKaplanfloorplan.pdf
[2010/03/13 14:45:34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 14:45:32 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 14:45:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 14:45:07 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/13 14:45:05 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/06 21:22:25 | 3165,524,508 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall Concert.avi
[2010/03/06 16:45:11 | 2910,648,213 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD_1.avi
[2010/03/06 14:23:40 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\AVS Video Converter 6.lnk
[2010/03/06 06:26:14 | 2934,797,957 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\The 25th Anniversary Rock And Roll Hall 2009 HD.avi
[2010/03/05 06:48:43 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/03/05 06:48:33 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2010/03/05 06:48:06 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\DivX Movies.lnk
[2010/03/04 20:32:28 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Bryce_and_Zion_Prelim_Itin.doc
[2010/03/04 20:25:47 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 20:16:50 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\4D80A1A85B.sys
[2010/02/28 22:03:13 | 000,379,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100326-203211.backup
[2010/02/28 21:36:41 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/27 16:02:09 | 001,099,440 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\p2pwt1A9k.exe
[2010/03/27 15:30:03 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/26 23:24:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/26 20:30:06 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 18:48:52 | 000,118,573 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\livepreview.aspx
[2010/03/22 20:03:54 | 000,017,181 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\BJ's Trial Membership.gif
[2010/03/21 19:01:28 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 19:01:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/21 12:09:06 | 000,011,246 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Seder List of Foods.docx
[2010/03/20 13:57:30 | 024,008,590 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Samsung LN32B360.pdf
[2010/03/18 19:25:01 | 002,716,750 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\banner 2.pdf
[2010/03/15 22:09:22 | 000,114,491 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Letter_to_Kaplan.pdf
[2010/03/14 00:09:35 | 000,064,185 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx.htm
[2010/03/13 15:01:58 | 000,044,208 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\RobertKaplanfloorplan.pdf
[2010/03/06 17:29:20 | 3165,524,508 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall Concert.avi
[2010/03/06 09:54:02 | 2910,648,213 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD_1.avi
[2010/03/06 00:40:38 | 2934,797,957 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\The 25th Anniversary Rock And Roll Hall 2009 HD.avi
[2010/03/06 00:23:28 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\AVS Video Converter 6.lnk
[2010/03/05 06:48:43 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/03/05 06:48:06 | 000,001,485 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\DivX Movies.lnk
[2010/03/04 20:32:28 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Bryce_and_Zion_Prelim_Itin.doc
[2010/03/04 20:16:49 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 20:16:49 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4D80A1A85B.sys
[2010/03/04 09:51:48 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2010/02/27 16:05:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat
[2010/01/03 21:48:34 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/16 20:55:40 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Rob\Application Data\svfiles.log
[2009/11/16 20:54:31 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\sview.ini
[2009/11/15 13:19:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/11/15 13:14:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2009/11/15 13:14:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Synth Basics
[2009/11/15 13:14:56 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/09/02 23:35:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bundle
[2009/09/02 23:35:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Booms
[2009/09/02 23:35:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/09/02 23:35:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2009/09/02 23:34:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\CIOSupport
[2009/09/02 23:34:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2009/09/02 23:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2009/09/02 23:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Booms
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/18 20:53:29 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/23 21:21:17 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/01/26 20:47:22 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/26 20:47:22 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5BA8A1804D.sys
[2009/01/26 20:47:13 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rob\Application Data\ActUpdate.log
[2009/01/13 21:19:22 | 000,001,845 | ---- | C] () -- C:\WINDOWS\if42le.ini
[2009/01/13 21:19:22 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009/01/13 21:12:04 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009/01/13 21:10:56 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/01/13 01:20:07 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/01/13 01:20:07 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2008/12/29 19:20:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\PFP120JPR.{PB
[2008/12/29 19:20:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\PFP120JCM.{PB
[2008/12/01 20:58:35 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/11/16 20:36:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/26 11:30:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/24 19:24:26 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2008/10/05 19:36:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Breath Pad
[2008/10/05 19:29:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/10/01 18:37:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 16:24:55 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/28 09:30:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/09/27 20:21:49 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 17:37:46 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\fusioncache.dat
[2008/09/15 14:58:44 | 000,001,159 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/15 12:16:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/15 12:12:23 | 000,000,311 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/18 11:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59756FA4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
< End of report >
clsgman

Re: Re-Directing When I Try to Update

by clsgman » March 30th, 2010, 9:09 pm

Extras.txt

OTL Extras logfile created on: 3/30/2010 3:01:51 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Rob\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 71.98 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 165.39 Gb Free Space | 35.52% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 510.04 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOSTRO
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"33967:TCP" = 33967:TCP:*:Enabled:Utor1
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AssistantTools.com\Music Tag Editor\Music Tag Editor.exe" = C:\Program Files\AssistantTools.com\Music Tag Editor\Music Tag Editor.exe:*:Enabled:Music Tag Editor -- (AssistantTools.com)
"C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16BA2250-85BA-49D9-99A1-9BD297377581}" = Cardiris 3.5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1" = Watermark Factory 2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A3250B2-20B6-496A-9576-D375B37F3E66}" = Plustek OptiCard 820 Scanner
"{3CEF833B-1C1E-E15E-9533-B65B4B8CEB20}" = MozyHome Remote Backup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Windows XP" = 3D Windows XP Screen Saver
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AI RoboForm" = AI RoboForm (All Users)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"AVI Splitter_is1" = AVI Splitter
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Capture NX 2" = Capture NX 2
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Color Efex Pro 3.0 Complete NX2" = Color Efex Pro 3.0 Complete for Capture NX 2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"coverXP" = coverXP (remove only)
"Dell_HostCD" = Dell Printer Software Uninstall
"Dexter Screen Saver" = Dexter Screen Saver
"Dfine 2.0" = Dfine 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E.M. Total Video Player 1.31_is1" = E.M. Total Video Player 1.31
"EPSON Printer and Utilities" = EPSON Printer Software
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"Financial Fate_is1" = Financial Fate
"FLAC" = FLAC 1.2.1b (remove only)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImTOO MPEG Encoder Platinum" = ImTOO MPEG Encoder Platinum
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{16BA2250-85BA-49D9-99A1-9BD297377581}" = Cardiris 3.5 for Plustek OptiCard
"InstallShield_{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music Tag Editor_is1" = Music Tag Editor v1.61
"Opanda IExif_is1" = Opanda IExif 2.3
"Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6
"PhotoWatermark Professional_is1" = PhotoWatermark Professional 7
"Picasa 3" = Picasa 3
"SearchAssist" = SearchAssist
"Startup Delayer" = Startup Delayer v2.3 (build 134)
"SwiftView" = SwiftView Viewer
"Switch" = Switch Sound File Converter
"ULTIMATER" = Microsoft Office Ultimate 2007
"Videora iPhone Converter" = Videora iPhone Converter 4.08
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2010 10:40:21 PM | Computer Name = VOSTRO | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3202 Error state: 2, Severity: 16 Source: Microsoft SQL Native
Client Error message: Write on "{BA7FAFB9-2A26-45ED-B203-8F98CBEF640C}3" failed:
995(The I/O operation has been aborted because of either a thread exit or an application
request.)

Error - 3/29/2010 10:40:21 PM | Computer Name = VOSTRO | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3202 Error state: 2, Severity: 16 Source: Microsoft SQL Native
Client Error message: Write on "{BA7FAFB9-2A26-45ED-B203-8F98CBEF640C}6" failed:
995(The I/O operation has been aborted because of either a thread exit or an application
request.)

Error - 3/29/2010 10:40:21 PM | Computer Name = VOSTRO | Source = SQLWRITER | ID = 24583
Description = Sqllib error: OLEDB Error encountered calling ICommandText::Execute.
hr = 0x80040e14. SQLSTATE: 42000, Native Error: 3013 Error state: 1, Severity: 16
Source:
Microsoft SQL Native Client Error message: BACKUP DATABASE is terminating abnormally.
SQLSTATE:
42000, Native Error: 3202 Error state: 2, Severity: 16 Source: Microsoft SQL Native
Client Error message: Write on "{BA7FAFB9-2A26-45ED-B203-8F98CBEF640C}7" failed:
995(The I/O operation has been aborted because of either a thread exit or an application
request.)

Error - 3/30/2010 10:21:05 AM | Computer Name = VOSTRO | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 3/30/2010 10:25:55 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 3/30/2010 10:25:56 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/30/2010 10:25:56 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/30/2010 10:25:56 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/30/2010 10:25:56 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/30/2010 10:25:56 AM | Computer Name = VOSTRO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 3/26/2010 11:49:07 PM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 ElbyCDIO Fips intelppm mozyFilter

Error - 3/27/2010 12:00:41 AM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 3/27/2010 12:00:50 AM | Computer Name = VOSTRO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/28/2010 11:09:27 AM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor

Error - 3/28/2010 4:03:52 PM | Computer Name = VOSTRO | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/28/2010 6:26:35 PM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor Lbd

Error - 3/28/2010 6:36:37 PM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 3/28/2010 10:15:48 PM | Computer Name = VOSTRO | Source = VolSnap | ID = 393236
Description = The shadow copy of volume G: was aborted because of a failed free
space computation.

Error - 3/29/2010 10:08:35 PM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 3/30/2010 10:22:07 AM | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Unread postby deltalima » March 31st, 2010, 5:17 am

Hi clsgman,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please tell me about the following two programs

ACT! by Sage 2009
Cardiris 3.5 for Plustek OptiCard


as they would seem to be for business rather than personal use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Re-Directing When I Try to Update

Unread postby clsgman » March 31st, 2010, 9:50 pm

I removed uTorrent.
I use ACT at work and installed it here but don't use it.
CardIris is a software program I installed but never used.

Tried running GMER twice in Safe Mode but got a BSOD blaming it on uxtdypow.sys.
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Unread postby clsgman » March 31st, 2010, 9:54 pm

Ran a search on uxtdypow.sys.

Seems like bad malware. Suggestions?
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Unread postby deltalima » April 1st, 2010, 3:56 am

Hi clsgman,

Run Combofix:

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Re-Directing When I Try to Update

Unread postby clsgman » April 1st, 2010, 9:16 pm

After running ComboFix, I lost internet access on the infected machine. My modem and router are working fine but neither Firefox nor IE can find servers. I am writing to you on my laptop via my home's wireless connection. ComboFix deleted some files. Hopefully drivers required to connect were not deleted.

I will upload the log tomorrow via my office's machine.

Is there anything I can do to establish connectivity again?
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Unread postby deltalima » April 2nd, 2010, 4:29 am

Hi clsgman,

ComboFix deleted some files


The ComboFix log will tell us any infected files that were removed and need to be replaced with clean versions.

Please check the TCP/IP properties for the network card to ensure that they are set to DHCP (obtain address automatically). Please reboot the computer one more time and try again, also please run a new OTL scan and post the OTL.txt file in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Re-Directing When I Try to Update

Unread postby clsgman » April 2nd, 2010, 7:23 am

Here is the ComboFix log. Will send you another OTL log this afternoon. Thanks again for your help.

ComboFix 10-03-29.04 - Rob 04/01/2010 20:02:59.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2726 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Rob\MYDOCU~1\DOWNLO~1\DANGer~1.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\wiaserviv.log
F:\Autorun.inf
G:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-03-28 00:47 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-28 00:47 . 2010-03-28 00:47 -------- d-----w- c:\program files\Panda Security
2010-03-27 23:58 . 2010-03-28 15:15 -------- d-----w- c:\documents and settings\Rob\Application Data\QuickScan
2010-03-27 23:58 . 2010-03-26 18:33 668648 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-03-27 23:58 . 2010-03-26 18:33 830864 ----a-w- c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-27 20:40 . 2010-03-28 15:00 -------- d-----w- C:\rsit
2010-03-27 03:42 . 2010-03-27 03:42 -------- d-----w- c:\documents and settings\Cindy\Application Data\Malwarebytes
2010-03-27 01:03 . 2010-03-27 01:03 -------- d-----w- c:\program files\AskBardis
2010-03-27 00:30 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 00:30 . 2010-03-27 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-27 00:30 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 19:56 . 2010-02-16 19:28 61440 ----a-w- c:\windows\system32\nlssrv32.exe
2010-03-25 19:56 . 2010-02-16 19:28 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2010-03-22 23:42 . 2010-03-22 23:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-21 23:38 . 2010-03-21 23:43 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\Temp
2010-03-21 23:01 . 2010-03-21 23:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-13 18:45 . 2010-03-13 18:45 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-13 18:45 . 2010-03-13 18:45 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-13 18:45 . 2010-03-13 18:45 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-13 18:45 . 2010-03-13 18:45 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-13 18:45 . 2010-03-13 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 02:38 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 04:24 . 2010-03-13 04:53 -------- d-----w- c:\documents and settings\Rob\Application Data\AVS4YOU
2010-03-06 04:23 . 2010-03-06 04:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-06 04:23 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-03-06 04:23 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-03-06 04:23 . 2008-08-13 15:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-03-06 04:23 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-06 04:23 . 2010-03-06 18:24 -------- d-----w- c:\program files\AVS4YOU
2010-03-06 04:23 . 2010-03-06 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-05 00:16 . 2010-03-05 00:25 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-05 00:16 . 2010-03-05 00:16 56 --sh--r- c:\windows\system32\4D80A1A85B.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 23:55 . 2010-01-14 01:28 -------- d-----w- c:\documents and settings\Rob\Application Data\Dropbox
2010-04-01 01:47 . 2008-09-27 21:55 -------- d-----w- c:\program files\uTorrent
2010-04-01 01:47 . 2008-09-27 21:55 -------- d-----w- c:\documents and settings\Rob\Application Data\uTorrent
2010-03-31 02:07 . 2010-02-27 20:05 0 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\prvlcl.dat
2010-03-28 18:14 . 2010-02-10 18:34 -------- d-----w- c:\documents and settings\Rob\Application Data\vlc
2010-03-28 15:24 . 2009-04-15 00:28 -------- d-----w- c:\program files\Lavasoft
2010-03-28 15:24 . 2008-10-24 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-27 01:20 . 2008-09-15 16:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-21 23:01 . 2008-09-15 16:12 -------- d-----w- c:\program files\Google
2010-03-21 02:29 . 2010-03-21 04:00 2677248 ----a-w- c:\windows\Internet Logs\xDB52.tmp
2010-03-20 13:23 . 2008-10-31 00:33 1572594 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-03-15 23:36 . 2008-09-30 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-14 16:27 . 2008-10-05 23:29 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-03-13 18:45 . 2010-01-17 22:20 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 18:45 . 2010-01-17 22:20 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 18:45 . 2010-01-17 22:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 18:45 . 2010-01-17 22:20 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-11 02:51 . 2009-12-11 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 12:58 . 2010-03-10 01:10 3155968 ----a-w- c:\windows\Internet Logs\xDB51.tmp
2010-03-05 10:48 . 2008-09-28 03:01 -------- d-----w- c:\program files\DivX
2010-03-05 10:48 . 2009-06-18 00:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-04 06:43 . 2010-03-04 13:10 3106816 ----a-w- c:\windows\Internet Logs\xDB50.tmp
2010-03-01 20:47 . 2010-01-17 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-28 15:12 . 2010-01-14 01:28 91696 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\Uninstall.exe
2010-02-28 15:11 . 2010-02-28 15:11 13264416 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-02-28 02:01 . 2010-02-28 15:09 360960 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
2010-02-28 02:01 . 2010-02-28 15:09 3096064 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 14:20 . 2010-02-25 21:52 2854400 ----a-w- c:\windows\Internet Logs\xDB4C.tmp
2010-02-25 14:20 . 2010-02-25 21:52 3095552 ----a-w- c:\windows\Internet Logs\xDB4D.tmp
2010-02-21 15:01 . 2010-02-21 15:01 -------- d-----w- c:\documents and settings\Rob\Application Data\AVG9
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 23:24 . 2010-02-19 23:24 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-02-10 04:50 . 2009-08-01 23:32 -------- d-----w- c:\program files\CDBurnerXP
2010-02-06 22:51 . 2010-02-06 22:51 -------- d-----w- c:\documents and settings\Rob\Application Data\Canneverbe Limited
2010-02-05 00:59 . 2009-11-15 17:14 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-02-05 00:43 . 2010-02-05 00:43 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-04 04:24 . 2008-09-15 16:12 -------- d-----w- c:\program files\Dell
2010-02-01 00:30 . 2010-02-01 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-01 00:30 . 2010-02-01 00:30 -------- d-----w- c:\documents and settings\Cindy\Application Data\Office Genuine Advantage
2010-01-25 13:19 . 2010-01-25 13:20 3055616 ----a-w- c:\windows\Internet Logs\xDB4B.tmp
2010-01-23 01:49 . 2010-01-23 01:49 159168 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-01-23 01:49 . 2010-01-23 01:49 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
2010-01-23 01:49 . 2010-01-23 01:49 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-01-23 01:49 . 2010-01-23 01:49 157248 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-01-22 01:51 . 2010-01-22 01:53 3038720 ----a-w- c:\windows\Internet Logs\xDB4A.tmp
2010-01-15 11:54 . 2010-01-15 11:54 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-01-13 04:07 . 2010-01-13 21:15 3003904 ----a-w- c:\windows\Internet Logs\xDB49.tmp
2010-01-13 04:07 . 2010-01-13 21:15 2944512 ----a-w- c:\windows\Internet Logs\xDB48.tmp
2009-04-22 03:39 . 2008-10-01 00:38 98 --sha-w- c:\windows\S781901D4.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Rob\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-10-20 16:51 2846008 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-10-20 16:51 2846008 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-02-22 3312576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1222568482\ee\AOLSoftware.exe" [2008-06-24 41824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2008-11-29 147456]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Rob\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 18:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-19 23:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8169Diag]
2008-02-26 21:15 909312 ----a-w- c:\program files\Realtek\Diagnostics Utility\8169Diag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 19:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 13:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 15:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-12-08 00:55 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-15 16:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1222568482\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AssistantTools.com\\Music Tag Editor\\Music Tag Editor.exe"=
"c:\\Documents and Settings\\Rob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33967:TCP"= 33967:TCP:Utor1

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/17/2010 6:20 PM 52872]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/27/2010 8:47 PM 28552]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [1/22/2010 9:49 PM 902432]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/17/2010 6:20 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/17/2010 6:20 PM 242696]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [1/22/2010 9:49 PM 2326920]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 2:45 PM 308064]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [9/15/2008 12:11 PM 8960]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [1/22/2010 9:49 PM 159168]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/18/2009 8:53 PM 721904]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [8/1/2008 12:02 AM 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/21/2010 7:01 PM 135664]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [9/15/2008 12:11 PM 11264]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [9/15/2008 12:11 PM 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 23:01]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?inv ... box&query=
FF - component: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 20:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1584)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-04-01 20:13:22
ComboFix-quarantined-files.txt 2010-04-02 00:13
ComboFix2.txt 2008-11-01 00:13
ComboFix3.txt 2008-11-01 00:06
ComboFix4.txt 2008-10-31 00:37

Pre-Run: 79,649,275,904 bytes free
Post-Run: 79,874,764,800 bytes free

- - End Of File - - 8F96D7D11B7FE1FD3F59D913449065E6
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm

Re: Re-Directing When I Try to Update

Unread postby deltalima » April 2nd, 2010, 4:07 pm

Hi clsgman,

The log shows that Combofix did not delete any network drivers so the missing Internet connection is likely to be connected with the DNS hijack that has been removed.

If you still have no Internet access then please copy this batch file to the computer.

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    Net statistics workstation >> results.txt 2>>&1
    Ipconfig /all >> results.txt 2>>&1
    Ping ftp.demon.net >> results.txt 2>>&1
    Ping 194.159.255.135 >> results.txt 2>>&1
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Re-Directing When I Try to Update

Unread postby clsgman » April 2nd, 2010, 4:54 pm

Here are the results.txt from xxx.bat. Hope this helps restore my internet access.

Workstation Statistics for \\VOSTRO


Statistics since 4/2/2010 4:46 PM


Bytes received 0
Server Message Blocks (SMBs) received 1
Bytes transmitted 0
Server Message Blocks (SMBs) transmitted 0
Read operations 0
Write operations 0
Raw reads denied 0
Raw writes denied 0

Network errors 0
Connections made 0
Reconnections made 0
Server disconnects 0

Sessions started 0
Hung sessions 0
Failed sessions 0
Failed operations 0
Use count 0
Failed use count 0

The command completed successfully.



Windows IP Configuration



Host Name . . . . . . . . . . . . : VOSTRO

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-21-9B-10-A9-86

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

Ping request could not find host ftp.demon.net. Please check the name and try again.



Pinging 194.159.255.135 with 32 bytes of data:



Reply from 194.159.255.135: bytes=32 time=90ms TTL=242

Reply from 194.159.255.135: bytes=32 time=88ms TTL=242

Reply from 194.159.255.135: bytes=32 time=89ms TTL=242

Reply from 194.159.255.135: bytes=32 time=87ms TTL=242



Ping statistics for 194.159.255.135:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 90ms, Average = 88ms
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm
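
Added example, not part of the thread or any poster's code: the output of the batch file above can be triaged mechanically. This Python code parses a trimmed copy of the posted results.txt and separates "IP reachable but name lookup failing" from "no connectivity at all"; the function names, result keys and verdict strings are assumptions of this example.

```python
import re

# Trimmed copy of the results.txt posted above (blank lines removed).
SAMPLE = """\
Ethernet adapter Local Area Connection:
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ping request could not find host ftp.demon.net. Please check the name and try again.
Pinging 194.159.255.135 with 32 bytes of data:
Reply from 194.159.255.135: bytes=32 time=90ms TTL=242
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""


def field(text, label):
    """Value of an 'ipconfig /all' line such as 'Dhcp Enabled. . . : No', or None."""
    m = re.search(r"^[ \t]*" + re.escape(label) + r"[ .]*:[ \t]*(.*)$", text, re.M | re.I)
    return m.group(1).strip() if m else None


def triage(text):
    """Classify the state shown by the batch file's ipconfig and ping output."""
    name_failed = "could not find host" in text
    # Only echo replies count; "Destination host unreachable" lines have no bytes=.
    ip_replied = bool(re.search(r"Reply from [\d.]+: bytes=", text))
    dns_servers = field(text, "DNS Servers") or None
    dhcp = (field(text, "Dhcp Enabled") or "").lower() == "yes"
    if ip_replied and name_failed:
        verdict = "routing works, name resolution broken"
    elif not ip_replied:
        verdict = "no IP connectivity"
    else:
        verdict = "connectivity and DNS both working"
    return {
        "dhcp_enabled": dhcp,
        "dns_servers": dns_servers,
        # A static adapter with no resolver listed cannot look up any name.
        "static_without_dns": not dhcp and dns_servers is None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```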

Re: Re-Directing When I Try to Update

Unread postby clsgman » April 2nd, 2010, 5:37 pm

Hi:

Based on your last email, I restored the DHCP server by clicking on automatic IP instead of selecting an address which it had changed. All seems to be working again including my ability to update my Malwarebytes program. No longer being re-directed.

Thanks very much for your time. Appreciated.

Out of curiosity, what was the infected file or files?
clsgman
Regular Member
 
Posts: 16
Joined: March 26th, 2010, 9:10 pm