Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

yet another search engine redirection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: yet another search engine redirection

Unread postby Scop » April 27th, 2011, 7:28 pm

Next log:

2011/04/27 16:13:36.0421 2960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/27 16:13:37.0390 2960 ================================================================================
2011/04/27 16:13:37.0390 2960 SystemInfo:
2011/04/27 16:13:37.0390 2960
2011/04/27 16:13:37.0390 2960 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/27 16:13:37.0390 2960 Product type: Workstation
2011/04/27 16:13:37.0390 2960 ComputerName: DILLONA
2011/04/27 16:13:37.0390 2960 UserName: Dillon
2011/04/27 16:13:37.0390 2960 Windows directory: C:\WINDOWS
2011/04/27 16:13:37.0390 2960 System windows directory: C:\WINDOWS
2011/04/27 16:13:37.0390 2960 Processor architecture: Intel x86
2011/04/27 16:13:37.0390 2960 Number of processors: 1
2011/04/27 16:13:37.0390 2960 Page size: 0x1000
2011/04/27 16:13:37.0390 2960 Boot type: Normal boot
2011/04/27 16:13:37.0390 2960 ================================================================================
2011/04/27 16:13:38.0531 2960 Initialize success
2011/04/27 16:16:17.0437 0720 ================================================================================
2011/04/27 16:16:17.0437 0720 Scan started
2011/04/27 16:16:17.0437 0720 Mode: Manual;
2011/04/27 16:16:17.0437 0720 ================================================================================
2011/04/27 16:16:20.0750 0720 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
2011/04/27 16:16:21.0812 0720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/27 16:16:22.0359 0720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/27 16:16:23.0453 0720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/27 16:16:24.0281 0720 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/27 16:16:26.0015 0720 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/27 16:16:26.0984 0720 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/27 16:16:28.0937 0720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/27 16:16:29.0625 0720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/27 16:16:30.0937 0720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/27 16:16:31.0656 0720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/27 16:16:32.0453 0720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/27 16:16:33.0109 0720 btaudio (5d0ba6d229996a5f640f571ad478e532) C:\WINDOWS\system32\drivers\btaudio.sys
2011/04/27 16:16:34.0265 0720 BTKRNL (b637f1d425e13c206ef3c2028dd72e6a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/04/27 16:16:35.0390 0720 BTWDNDIS (59a6c89408366364ad3d8ab66c771bd5) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/04/27 16:16:35.0921 0720 BTWUSB (a93097a2962b14809939ff3259684327) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/04/27 16:16:36.0515 0720 CAMCAUD (4ebc37b6677a6768b307ae40839d788f) C:\WINDOWS\system32\drivers\camc6aud.sys
2011/04/27 16:16:37.0625 0720 CAMCHALA (9a38fc432ad8b3400cefb70a7236979e) C:\WINDOWS\system32\drivers\camc6hal.sys
2011/04/27 16:16:38.0609 0720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/27 16:16:39.0093 0720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/27 16:16:39.0359 0720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/27 16:16:39.0687 0720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/27 16:16:40.0265 0720 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/27 16:16:40.0734 0720 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/27 16:16:41.0796 0720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/27 16:16:42.0171 0720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/27 16:16:42.0453 0720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/27 16:16:42.0734 0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/27 16:16:43.0031 0720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/27 16:16:43.0328 0720 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2011/04/27 16:16:43.0609 0720 Dot4Print HPH09 (d559e03b3168bc00011dd2b6f443ac71) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
2011/04/27 16:16:43.0906 0720 Dot4Storage HPH09 (7e90e0199786c4bda3cf675b93544939) C:\WINDOWS\system32\Drivers\hphs2k09.sys
2011/04/27 16:16:44.0171 0720 Dot4Usb HPH09 (afcaa5b28bd1a3f9645e7ebee217c365) C:\WINDOWS\system32\drivers\hphius09.sys
2011/04/27 16:16:44.0718 0720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/27 16:16:45.0015 0720 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
2011/04/27 16:16:45.0265 0720 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
2011/04/27 16:16:45.0562 0720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/27 16:16:45.0843 0720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/27 16:16:46.0125 0720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/27 16:16:46.0375 0720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/27 16:16:46.0625 0720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/27 16:16:46.0953 0720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/27 16:16:47.0343 0720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/27 16:16:47.0593 0720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/27 16:16:47.0875 0720 GT680x (4a2102ddf08472527b4872fa68ee87d1) C:\WINDOWS\system32\Drivers\gt680x.sys
2011/04/27 16:16:48.0453 0720 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/04/27 16:16:48.0812 0720 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/04/27 16:16:49.0078 0720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/27 16:16:49.0812 0720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/27 16:16:50.0234 0720 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/27 16:16:50.0640 0720 IFP800 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp800.sys
2011/04/27 16:16:51.0000 0720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/27 16:16:51.0640 0720 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/27 16:16:51.0921 0720 intelppm (cc3a1132a044e3d4bf8821c897af5f6c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/27 16:16:51.0921 0720 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: cc3a1132a044e3d4bf8821c897af5f6c, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/04/27 16:16:51.0937 0720 intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/27 16:16:52.0203 0720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/27 16:16:52.0484 0720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/27 16:16:52.0750 0720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/27 16:16:53.0031 0720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/27 16:16:53.0296 0720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/27 16:16:53.0546 0720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/27 16:16:53.0812 0720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/27 16:16:54.0125 0720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/27 16:16:54.0375 0720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/27 16:16:54.0687 0720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/27 16:16:55.0265 0720 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/04/27 16:16:55.0546 0720 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/27 16:16:55.0812 0720 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/04/27 16:16:56.0109 0720 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/04/27 16:16:56.0390 0720 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/04/27 16:16:56.0640 0720 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/04/27 16:16:56.0937 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/27 16:16:57.0203 0720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/27 16:16:57.0468 0720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/27 16:16:57.0718 0720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/27 16:16:58.0031 0720 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/27 16:16:59.0156 0720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/27 16:16:59.0437 0720 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/27 16:16:59.0734 0720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/27 16:17:00.0031 0720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/27 16:17:00.0281 0720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/27 16:17:00.0531 0720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/27 16:17:00.0796 0720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/27 16:17:01.0078 0720 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/27 16:17:01.0359 0720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/27 16:17:01.0625 0720 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/27 16:17:01.0953 0720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/27 16:17:02.0218 0720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/27 16:17:02.0484 0720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/27 16:17:02.0750 0720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/27 16:17:03.0031 0720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/27 16:17:03.0328 0720 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/27 16:17:03.0578 0720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/27 16:17:03.0890 0720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/27 16:17:04.0171 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/27 16:17:04.0453 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/27 16:17:04.0750 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/27 16:17:05.0312 0720 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/27 16:17:05.0593 0720 PalmUSBD (71e2ea2e02828d492add2baab297657d) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/04/27 16:17:05.0890 0720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/27 16:17:06.0125 0720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/27 16:17:06.0390 0720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/27 16:17:06.0640 0720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/27 16:17:07.0156 0720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/27 16:17:07.0406 0720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/27 16:17:09.0140 0720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/27 16:17:09.0390 0720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/27 16:17:09.0671 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/27 16:17:11.0140 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/27 16:17:11.0421 0720 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/04/27 16:17:11.0687 0720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/27 16:17:12.0125 0720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/27 16:17:12.0390 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/27 16:17:12.0656 0720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/27 16:17:12.0953 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/27 16:17:13.0234 0720 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/27 16:17:13.0546 0720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/27 16:17:14.0031 0720 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
2011/04/27 16:17:14.0328 0720 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/04/27 16:17:14.0640 0720 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/27 16:17:15.0015 0720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/27 16:17:15.0312 0720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/27 16:17:15.0562 0720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/27 16:17:15.0906 0720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/27 16:17:16.0406 0720 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/04/27 16:17:16.0921 0720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/27 16:17:17.0187 0720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/27 16:17:17.0484 0720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/27 16:17:17.0734 0720 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
2011/04/27 16:17:18.0046 0720 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
2011/04/27 16:17:18.0296 0720 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
2011/04/27 16:17:18.0593 0720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/27 16:17:18.0859 0720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/27 16:17:20.0125 0720 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/27 16:17:20.0375 0720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/27 16:17:20.0687 0720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/27 16:17:21.0000 0720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/27 16:17:21.0250 0720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/27 16:17:21.0500 0720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/27 16:17:21.0796 0720 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/04/27 16:17:22.0296 0720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/27 16:17:22.0796 0720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/27 16:17:23.0093 0720 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/27 16:17:23.0343 0720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/27 16:17:23.0593 0720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/27 16:17:23.0859 0720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/27 16:17:24.0125 0720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/27 16:17:24.0390 0720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/27 16:17:24.0671 0720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/27 16:17:25.0015 0720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/27 16:17:25.0296 0720 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/27 16:17:25.0593 0720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/27 16:17:26.0046 0720 w29n51 (3768455089fe8f3106b037465befbb0c) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/04/27 16:17:26.0500 0720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/27 16:17:27.0093 0720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/27 16:17:27.0421 0720 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/27 16:17:27.0750 0720 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/27 16:17:28.0062 0720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/27 16:17:28.0328 0720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/27 16:17:28.0593 0720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/27 16:17:28.0890 0720 ================================================================================
2011/04/27 16:17:28.0890 0720 Scan finished
2011/04/27 16:17:28.0890 0720 ================================================================================
2011/04/27 16:17:28.0921 1208 Detected object count: 1
2011/04/27 16:19:04.0984 1208 intelppm (cc3a1132a044e3d4bf8821c897af5f6c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/27 16:19:04.0984 1208 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: cc3a1132a044e3d4bf8821c897af5f6c, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/04/27 16:19:07.0906 1208 Backup copy found, using it..
2011/04/27 16:19:07.0937 1208 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot
2011/04/27 16:19:07.0937 1208 Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure
2011/04/27 16:19:12.0609 0352 Deinitialize success
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am
Advertisement
Register to Remove

Re: yet another search engine redirection

Unread postby Scop » April 27th, 2011, 7:32 pm

And last but not least, the two RSIT logs.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Dillon at 2011-04-27 16:30:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (15%) free of 38 GB
Total RAM: 502 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:50 PM, on 4/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dillon\desktop\rsit.exe
C:\Program Files\trend micro\Dillon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net?cid=ie8_0904
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunServices: [recursosquicktimequicktime] c:\program files\quicktime\qtsystem\quicktimevrauthoring.resources\pt.lproj\recursosquicktimequicktime.exe
O4 - HKLM\..\RunServices: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktimeessentials.resources\ru.lproj\quicktimeresourcesquicktime.exe
O4 - HKLM\..\RunServices: [QuickTimeWebHelperQuickTimeWebHelperQuickTime765132779] c:\program files\quicktime\qtsystem\quicktimewebhelper.resources\it.lproj\quicktimewebhelperquicktime7.6.51327.79.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [irafnank] C:\Documents and Settings\Dillon\Local Settings\Application Data\enrmqj\flflsftav.exe
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus_AntiSpyware_2011] "C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe" /STARTUP (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus AntiSpyware 2011 Security] C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus_AntiSpyware_2011\securitymanager.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiVirus_AntiSpyware_2011] "C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus_AntiSpyware_2011\AntiVirus AntiSpyware.exe" /STARTUP (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshoo ... aptest.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7434653125
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3718.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\zzz\PEV.cfxxe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12196 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-04 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-04 688218]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2006-04-18 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"hpWirelessAssistant"=C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [2005-01-21 790528]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"HPHmon03"=C:\WINDOWS\system32\hphmon03.exe [2003-01-30 311296]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"DeviceDiscovery"=C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"irafnank"=C:\Documents and Settings\Dillon\Local Settings\Application Data\enrmqj\flflsftav.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR161]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe"="C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Common Files\AOL\1141440620\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1141440620\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Sierra\FEAR\fpupdate.exe"="C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Disabled:fpupdate"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1141440620\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1141440620\ee\aolsoftware.exe:*:Disabled:AOL Services"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2011-04-27 16:13:36 ----A---- C:\TDSSKiller.2.4.21.0_27.04.2011_16.13.36_log.txt
2011-04-26 22:51:11 ----ASH---- C:\hiberfil.sys
2011-04-26 22:02:43 ----SD---- C:\zzz
2011-04-26 08:31:03 ----D---- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
2011-04-26 08:27:31 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-04-24 16:24:26 ----A---- C:\Boot.bak
2011-04-24 16:24:16 ----RASHD---- C:\cmdcons
2011-04-24 16:18:32 ----A---- C:\WINDOWS\zip.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\SWSC.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\SWREG.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\sed.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\PEV.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\NIRCMD.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\MBR.exe
2011-04-24 16:18:32 ----A---- C:\WINDOWS\grep.exe
2011-04-24 16:18:17 ----D---- C:\WINDOWS\ERDNT
2011-04-24 16:17:31 ----D---- C:\Qoobox
2011-04-24 09:01:42 ----D---- C:\Program Files\trend micro
2011-04-24 09:01:36 ----D---- C:\rsit
2011-04-14 14:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-14 14:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-14 14:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-14 13:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-14 13:50:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-14 13:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-14 13:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-14 13:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-14 13:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-14 13:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-05 18:49:25 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-04-05 18:48:41 ----A---- C:\WINDOWS\system32\javaws.exe
2011-04-05 18:48:41 ----A---- C:\WINDOWS\system32\javaw.exe
2011-04-05 18:48:41 ----A---- C:\WINDOWS\system32\java.exe
2011-04-05 18:48:41 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-03-23 21:59:25 ----D---- C:\Program Files\NOS
2011-03-23 12:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-22 15:13:53 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-03-22 15:10:22 ----D---- C:\Program Files\Microsoft Security Client
2011-03-12 23:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-09 08:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 08:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-02-27 21:18:19 ----D---- C:\Program Files\Windows Sidebar
2011-02-27 20:56:27 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-27 08:54:06 ----D---- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
2011-02-09 17:49:53 ----D---- C:\Program Files\Microsoft
2011-02-09 15:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-09 15:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-09 15:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-09 15:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-09 10:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-09 10:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-09 10:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

======List of files/folders modified in the last 3 months======

2011-04-27 16:28:15 ----SD---- C:\WINDOWS\Tasks
2011-04-27 16:27:10 ----D---- C:\WINDOWS\system32
2011-04-27 16:27:10 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-27 16:22:01 ----D---- C:\WINDOWS\Temp
2011-04-27 16:21:11 ----D---- C:\WINDOWS\system32\drivers
2011-04-27 16:20:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-27 16:13:45 ----D---- C:\WINDOWS\Prefetch
2011-04-27 16:07:06 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-26 22:04:48 ----D---- C:\WINDOWS
2011-04-26 08:30:13 ----SHD---- C:\WINDOWS\Installer
2011-04-26 08:30:13 ----HD---- C:\Config.Msi
2011-04-26 08:29:42 ----D---- C:\Program Files\Adobe
2011-04-26 08:27:31 ----D---- C:\Program Files\Common Files
2011-04-26 08:26:46 ----D---- C:\Program Files\Amazon
2011-04-25 23:44:18 ----D---- C:\Downloads
2011-04-25 23:39:33 ----HD---- C:\WINDOWS\inf
2011-04-25 23:39:30 ----D---- C:\Program Files\Common Files\Sonic Shared
2011-04-25 23:37:31 ----RD---- C:\Program Files
2011-04-25 23:19:10 ----D---- C:\Program Files\Common Files\AOL
2011-04-25 23:18:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-04-24 16:24:26 ----RASH---- C:\boot.ini
2011-04-24 16:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2011-04-24 16:08:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-04-15 12:07:26 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-15 12:07:19 ----RSD---- C:\WINDOWS\assembly
2011-04-14 14:11:12 ----A---- C:\WINDOWS\win.ini
2011-04-14 14:09:23 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-14 14:06:19 ----A---- C:\WINDOWS\imsins.BAK
2011-04-14 14:06:15 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-04-14 14:04:26 ----D---- C:\Program Files\Internet Explorer
2011-04-14 14:02:05 ----D---- C:\WINDOWS\WinSxS
2011-04-14 13:44:15 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-14 13:43:06 ----D---- C:\WINDOWS\ie8updates
2011-04-05 18:49:18 ----D---- C:\Program Files\Common Files\Java
2011-04-05 18:43:10 ----D---- C:\Program Files\Java
2011-03-23 21:59:40 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2011-03-22 15:11:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-03-22 14:57:06 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2011-03-22 14:57:00 ----SHD---- C:\System Volume Information
2011-03-22 14:53:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-06 22:33:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2011-03-03 23:37:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2011-03-03 23:37:06 ----A---- C:\WINDOWS\system32\jscript.dll
2011-03-02 23:55:19 ----A---- C:\WINDOWS\system32\dnsapi.dll
2011-03-01 08:35:49 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2011-02-28 09:56:56 ----D---- C:\Documents and Settings\Dillon\Application Data\Move Networks
2011-02-27 20:26:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-02-27 20:06:59 ----D---- C:\Documents and Settings
2011-02-27 13:43:02 ----AD---- C:\SwSetup
2011-02-23 19:40:16 ----D---- C:\WINDOWS\Help
2011-02-22 16:06:29 ----N---- C:\WINDOWS\system32\occache.dll
2011-02-22 16:06:29 ----N---- C:\WINDOWS\system32\mstime.dll
2011-02-22 16:06:29 ----N---- C:\WINDOWS\system32\jsproxy.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\wininet.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\mshtmled.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-02-22 16:06:29 ----A---- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 16:06:28 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2011-02-22 16:06:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-02-22 16:06:28 ----A---- C:\WINDOWS\system32\iepeers.dll
2011-02-22 16:06:28 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-02-18 04:49:53 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2011-02-17 05:32:12 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 05:56:39 ----A---- C:\WINDOWS\system32\atmfd.dll
2011-02-09 06:53:52 ----A---- C:\WINDOWS\system32\sbe.dll
2011-02-09 06:53:52 ----A---- C:\WINDOWS\system32\encdec.dll
2011-02-08 06:33:55 ----A---- C:\WINDOWS\system32\mfc42u.dll
2011-02-08 06:33:55 ----A---- C:\WINDOWS\system32\mfc42.dll
2011-02-02 00:58:35 ----A---- C:\WINDOWS\system32\mstscax.dll
2011-01-31 15:32:22 ----D---- C:\Program Files\FreeTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2011-04-27 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-11-14 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-11-29 1337850]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-17 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-17 349696]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-14 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-12-14 207232]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-12-11 2209536]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-14 703232]
S0 IFP800;iriver Internet Audio Player IFP-800; C:\WINDOWS\system32\drivers\ifp800.sys [2004-03-29 14531]
S1 MpKsl18e74faf;MpKsl18e74faf; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl18e74faf.sys []
S1 MpKsl3012dce8;MpKsl3012dce8; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9DBF00-4EC0-4AD2-BB90-EE9BBF296FF5}\MpKsl3012dce8.sys []
S1 MpKsl47654546;MpKsl47654546; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D190D73-1BCB-4679-8637-0F4A7F3402EF}\MpKsl47654546.sys []
S1 MpKsl5cae0751;MpKsl5cae0751; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA28EEDE-0D14-4B93-AAEE-E5F4435B9BDD}\MpKsl5cae0751.sys []
S1 MpKsl5e870acb;MpKsl5e870acb; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5363D11A-073A-477C-AF8C-5911FB120E4D}\MpKsl5e870acb.sys []
S1 MpKsl8256047d;MpKsl8256047d; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{42B3415E-53FF-49B0-A788-E1651AE75A36}\MpKsl8256047d.sys []
S1 MpKsldd31af8b;MpKsldd31af8b; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C14E954D-98C7-44A9-82BC-41AA19C485DA}\MpKsldd31af8b.sys []
S3 2WIREPCP;2Wire USB; C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2002-09-23 68672]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-11-29 399616]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-11-29 148040]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-11-29 55320]
S3 catchme;catchme; \??\C:\DOCUME~1\Dillon\LOCALS~1\Temp\catchme.sys []
S3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2003-01-30 50800]
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2003-01-30 16112]
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2003-01-30 50211]
S3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2003-01-30 18864]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2001-11-08 18120]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 o1394bul;o1394bul; \??\C:\DOCUME~1\Dillon\LOCALS~1\Temp\o1394bul.sys []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2001-11-20 12338]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-12-20 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-12-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-12-20 121576]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-11-29 254007]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-04-05 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-01-13 38912]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 PEVSystemStart;PEVSystemStart; C:\zzz\PEV.cfxxe [2010-04-26 256512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HPHipm09.exe [2003-01-30 77824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2011-04-27 16:31:04

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {F8131A35-47FD-27AD-116D-0E79AF5DE5EE}
Acrobat.com-->MsiExec.exe /I{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adventure Game Studio 3.1.2 SP1-->"C:\Program Files\Adventure Game Studio 3.1.2 SP1\unins000.exe"
Amazon MP3 Downloader 1.0.12-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Amazon MP3 Uploader-->msiexec /qb /x {9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}
Amazon MP3 Uploader-->MsiExec.exe /I{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio-->CIAunwdm.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
FEAR SP Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}\setup.exe" -l0x9 -removeonly
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp deskjet 3500-->msiexec /x{8FD62EBB-3175-4907-A326-989B14E5C757}
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Image Zone 4.8.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.5-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp photosmart 1115 series-->rundll32 hpzcon04.dll,VendorJettison hp photosmart 1115 series
hp photosmart printer series (Remove only)-->C:\Program Files\hp photosmart\printer\hphuni03.exe
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5986F167-4C6C-4D03-9706-E1189B2A1462}\Setup.exe" -l0x9 anything
iRiver Updater-->C:\Program Files\iRiver\iRiver Manager\Updater\uninst.exe
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
King's Quest Collection(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29BB5153-133B-4C82-AF51-BF303F2BFD63}\setup.exe" -l0x9 -removeonly
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Palm Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Quick Launch Buttons 5.20 H1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C\HXFSETUP.EXE -U -IQTA3080K.INF
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE

======Security center information======

AV: Microsoft Security Essentials (disabled)

======System event log======

Computer Name: DILLONA
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 56297
Source Name: Ftdisk
Time Written: 20110420131849.000000-420
Event Type: error
User:

Computer Name: DILLONA
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 56291
Source Name: Ftdisk
Time Written: 20110420123537.000000-420
Event Type: error
User:

Computer Name: DILLONA
Event Code: 7000
Message: The Automatic LiveUpdate Scheduler service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 56268
Source Name: Service Control Manager
Time Written: 20110420083456.000000-420
Event Type: error
User:

Computer Name: DILLONA
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.

Record Number: 56267
Source Name: Ftdisk
Time Written: 20110420083443.000000-420
Event Type: error
User:

Computer Name: DILLONA
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.

Record Number: 56266
Source Name: Ftdisk
Time Written: 20110420083443.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: DILLONA
Event Code: 1517
Message: Windows saved user DILLONA\Dillon registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 13207
Source Name: Userenv
Time Written: 20091108181228.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DILLONA
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 13206
Source Name: Userenv
Time Written: 20091108181223.000000-480
Event Type: warning
User: DILLONA\Dillon

Computer Name: DILLONA
Event Code: 0
Message:

1) Exception Information
*********************************************
Exception Type: System.InvalidOperationException
Message: Your McAfee Backup and Restore user settings file does not exist.
TargetSite: Void SetPaths()
HelpLink: NULL
Source: MBKSilentInstaller

StackTrace Information
*********************************************
at MBKSilentInstaller.MBKUninstallationWizard.SetPaths()
at MBKSilentInstaller.MBKUninstallationWizard.HandleMBKUninstallation(Form owner)

2) Exception Information
*********************************************
Exception Type: System.IO.FileNotFoundException
Message: Could not find file "C:\Documents and Settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml".
FileName: C:\Documents and Settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml
FusionLog: NULL
TargetSite: System.Collections.Hashtable LoadBindingInfo()
HelpLink: NULL
Source: Arbus.Common

StackTrace Information
*********************************************
at Arbus.Common.UserPathConfigurationHelper.LoadBindingInfo()
at MBKSilentInstaller.MBKUninstallationWizard.SetPaths()

Record Number: 13199
Source Name: McAfee Backup and Restore
Time Written: 20091108180811.000000-480
Event Type: error
User:

Computer Name: DILLONA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 13171
Source Name: crypt32
Time Written: 20091107213739.000000-480
Event Type: error
User:

Computer Name: DILLONA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 13170
Source Name: crypt32
Time Written: 20091107213738.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » April 27th, 2011, 7:43 pm

Hi.

Now we can try Combofix again. First re-run rkill then delete your copy of Combofix (zzz.exe) on your desktop and download it again:


Download ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**.

Please rename ComboFix when you save the file to the desktop. Right click one of the following links and choose "Save as". name the file zzz(.exe), do not run the tool yet:

Link1
Link2


Disable Microsoft Security Essentials

Make sure MSE is disabled:

  • Open Microsoft Security Essentials (MSE) and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Close MSE when done.


OT Helper

Please right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.exe.

  • Save all work and close all programs, the next step will stop nearly every process on your computer!
  • Double click on master.exe to run OT Helper and click Kill All Processes.
  • Click Start Misc Program and navigate to your desktop.
  • Double click the zzz icon (Combofix) to run it and wait for the scan to finish.
  • Click Reboot in OT Helper if Combofix has not rebooted the computer.

If OT Helper will not run, then right click the following link and choose Save Link As...:
OTH ... by Old Timer.
Save it to your desktop as master.scr and double click the icon.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review and make sure MSE is re-enabled after Combofix is finished.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Unread postby Scop » April 27th, 2011, 11:43 pm

Still no dice with ComboFix. OTH appears to be working fine, but even using it, ComboFix comes to a stall in the exact same place. I was sure that was going to make it work finally. Well, crap.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » April 28th, 2011, 4:49 am

Hi.

Please re-run rkill again, close the log when finished.


Uninstall misc programs

  • Click on Start > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall these programs:

    Adobe Reader 9.3 << Outdated
    Quicktime << You can reinstall later if needed

Note: Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 4.3 instead from the following link:http://cdn01.foxitsoftware.com/pub/foxit/reader/desktop/win/4.x/4.3/enu/FoxitReader431_enu_Setup.exe

Note: During Foxit's Setup/Installation process after the license agreement, uncheck the following boxes and click Decline to avoid installation of The Foxit Search Bar powered by Ask:
  • Make Ask my browser default search provider
  • Set Ask.com as my homepage


Malwarebytes' Anti-Malware

Just so you know, I will not be surprised if this program will not install/run successfully. If so just continue with the next step.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Backup registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Then do not follow the OTL instructions below.


Run OTL Script

Please download OTL.exe by OldTimer and save it to your desktop.

This OTL script will reboot the computer. Save all work before continuing.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""= -
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "irafnank"=-
    :files
    c:\program files\quicktime
    C:\Documents and Settings\Dillon\Local Settings\Application Data\enrmqj
    C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus_AntiSpyware_2011
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Scan With RKUnHooker

  • Please Download (right click the link and choose Save Link As...) Rootkit Unhooker, save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it. Allow the following program if the firewall pops up an alert.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth Code, Files, Code Hooks. Uncheck the rest. then Click OK. Choose the C: drive if asked for where to scan files.
  • Wait until the scanner has finished and then click File -> Save Report.
    * * This can take a while. Please be patient * *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy you may have to post it over several replies
Note: If you get the following warning, click Ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



OTL

You can follow this step even if the Erunt backup failed.

  • Double click on OTL.exe (on your desktop) to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Click on the Run Scan button at the top left hand corner.
  • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.


If MBAM failed, please try again now.

Please post:
  • The MBAM log
  • The OTL-log (script)
  • RKUnhooker-log
  • The OTL-log (scan)
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Unread postby Scop » April 28th, 2011, 3:00 pm

Huzzah, progress!

Yes, the idea of a sleeker PDF reader is very appealing to me after suffering under Adobe Reader for many years. I'll look Foxit once this is resolved.

You were correct in your prediction about MBAM. It installed without a hitch and ran like a top, but threw up a 'Malwarebytes AntiMalware has encountered an error and needs to close' message 14 minutes and 37 seconds into the scan, after finding 14 objects. Very suddenly and right in the middle of functioning fine, too; I'm more used to seeing that error message when something is in a stall. But after completing the other steps and retrying MBAM, it ran with no problems, received its requested reboot, and generated the following log:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6464

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/28/2011 11:41:12 AM
mbam-log-2011-04-28 (11-41-12).txt

Scan type: Quick scan
Objects scanned: 159912
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\m.21c.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Dillon\local settings\application data\vyt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



Other logs to follow.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » April 28th, 2011, 3:11 pm

ERUNT functioned with no difficulties, and I ran the script. It took me a minute to remember where the OTL script report ended up, but then I recalled that I'd used File > Save As to double-check where it ended up, since it wasn't on my Desktop. It was under C:\_OTL/MovedFiles/.



========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\irafnank deleted successfully.
========== FILES ==========
c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj folder moved successfully.
c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources folder moved successfully.
c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt.lproj folder moved successfully.
c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources folder moved successfully.
c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj folder moved successfully.
c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources folder moved successfully.
c:\program files\QuickTime\QTSystem folder moved successfully.
c:\program files\QuickTime folder moved successfully.
C:\Documents and Settings\Dillon\Local Settings\Application Data\enrmqj folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\AntiVirus_AntiSpyware_2011 folder moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04282011_095911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » April 28th, 2011, 3:16 pm

RKUnHooker took some time, but it also functioned well. First Paste of its log follows:



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF77B0000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 2211840 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7A16000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1400832 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7389000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 1323008 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xF75A6000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07C000 C:\WINDOWS\System32\ialmdd5.DLL 978944 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF74FA000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8276000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA3DD000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7303000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA4EA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9975000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF771E000 C:\WINDOWS\system32\drivers\camc6hal.sys 352256 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xBF16B000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA963C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 233472 bytes (Intel Corporation, Component GHAL Driver)
0xF76A4000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 208896 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF83C5000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF74CC000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA9AE5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8249000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9319000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA475000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA4C2000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7788000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xAA6F7000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xF76FA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF79DE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF76D7000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA4A0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF833F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8377000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8396000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF822F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF835F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA3C5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8316000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7372000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9FF0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7774000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF7A02000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA543000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF8303000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF79CC000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF832D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF83B4000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7361000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7BEC000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF85F4000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8584000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8504000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8564000 serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8754000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF85C4000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8604000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA5C6000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8694000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8514000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8554000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF85D4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8614000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8534000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8634000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8734000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF85E4000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8524000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8624000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF85B4000 C:\WINDOWS\system32\drivers\camc6aud.sys 40960 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xF84F4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8664000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8654000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8544000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF85A4000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8644000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8724000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9725000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8744000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88B4000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF87C4000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88AC000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8774000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF88BC000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF88C4000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88A4000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF87B4000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF87BC000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF877C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF88D4000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88DC000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF88CC000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF87D4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF890C000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF89C4000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8914000 ifp800.sys 16384 bytes (iRiver, Inc., iRiver Internet Audio Player USB Driver)
0xF81D6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA165000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8910000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8904000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8908000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA732000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA9ADD000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF81E6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF89CC000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF81EA000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF89FC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF8A66000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A7A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A6C000 C:\WINDOWS\system32\drivers\EABFiltr.sys 8192 bytes (Hewlett-Packard Development Company, L.P., QLB PS/2 Keyboard filter driver)
0xF8A64000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF89F8000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF89F4000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8AA6000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xF8A68000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A6A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A26000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF89FE000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF89FA000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF89F6000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8BE9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B21000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8BD9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8ABD000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8ABC000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Dillon\Local Settings\Temporary Internet Files\Content.IE5\0T3A538C\ggmain[1].rss
!-->[Hidden] C:\Documents and Settings\Dillon\Local Settings\Temporary Internet Files\Content.IE5\FWHWN6KJ\feed[1].txt
!-->[Hidden] C:\Documents and Settings\Dillon\Local Settings\Temporary Internet Files\Content.IE5\LIPEGVUM\rss[1].xml
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ORKPEZ8R\252F%2526refer%253Dhttp%25253A%25252F%25252Fwww.gossipcenter[1].com%25252Fpeoples-choice-awards-2011%25252Fmila-kunis-pretties-peoples-choice-awards-454013]
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ORKPEZ8R\252F%2526refer%253Dhttp%25253A%25252F%25252Fwww.gossipcenter[2].com%25252Fpeoples-choice-awards-2011%25252Fmila-kunis-pretties-peoples-choice-awards-454013]
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006AB0A, Type: Inline - RelativeJump 0x80541B0A-->80541B11 [ntkrnlpa.exe]
[1420]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1420]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1420]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1420]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1420]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1420]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1420]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » April 28th, 2011, 3:24 pm

Well, all of the RKUnHooker report fit into one post after all.

You didn't seem to specify wanting one or both of the reports generated by OTL's scan, so I'm pasting both. First, OTL.txt:



OTL logfile created on: 4/28/2011 11:16:51 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.15 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/07 08:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/11/29 20:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004/11/04 11:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/03/11 01:08:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2003/01/30 19:55:46 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2002/12/02 20:56:10 | 000,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2004/11/04 11:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/01/30 19:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 22:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/20 22:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/20 22:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/14 17:35:24 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/11 12:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006/04/10 15:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/09/20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/05 12:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 12:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/02/17 23:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/17 23:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/14 15:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 09:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/29 20:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/11/29 20:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/29 20:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/11/29 20:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/29 18:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ifp800.sys -- (IFP800)
DRV - [2003/01/30 19:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 19:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 19:55:44 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2003/01/30 19:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/09/23 14:49:44 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2001/11/20 17:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/11/08 08:53:54 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customi ... ch/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net?cid=ie8_0904
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\Run: [AntiVirus AntiSpyware 2011 Security] File not found
O4 - HKU\.DEFAULT..\Run: [AntiVirus_AntiSpyware_2011] File not found
O4 - HKU\S-1-5-18..\Run: [AntiVirus AntiSpyware 2011 Security] File not found
O4 - HKU\S-1-5-18..\Run: [AntiVirus_AntiSpyware_2011] File not found
O4 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [quicktimeresourcesquicktime] File not found
O4 - HKLM..\RunServices: [QuickTimeWebHelperQuickTimeWebHelperQuickTime765132779] File not found
O4 - HKLM..\RunServices: [recursosquicktimequicktime] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O15 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshoo ... aptest.cab (USBAPTester Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7434653125 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3718.cab (MsnMusicAx Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell - "" = AutoRun
O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a0d4432c-ee38-11db-b1a8-00150042d234}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 09:59:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/28 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/28 09:50:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\Malwarebytes
[2011/04/28 09:07:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/28 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 09:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/28 09:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/28 09:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 09:05:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 20:17:13 | 000,000,000 | --SD | C] -- C:\zzz
[2011/04/27 18:06:45 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\tdsskiller
[2011/04/26 12:14:15 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 08:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2011/04/26 08:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\Amazon MP3 Uploader
[2011/04/26 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/24 16:24:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 16:18:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/24 16:18:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/24 16:18:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/24 16:18:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/24 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/24 16:17:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/24 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/24 09:01:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/05 18:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/05 18:48:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/05 18:48:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/05 18:48:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/05 18:48:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/05 18:48:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2007/04/11 17:09:46 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/28 11:22:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
[2011/04/28 10:14:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 10:07:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/28 10:02:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 10:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 10:01:19 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:50:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:05:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 20:15:16 | 004,329,517 | R--- | M] () -- C:\Documents and Settings\Dillon\Desktop\zzz.exe
[2011/04/27 18:06:46 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:27:10 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/27 16:27:10 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/27 16:05:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 21:50:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 17:38:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 12:14:23 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 12:14:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/24 16:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 15:36:10 | 000,007,382 | -HS- | M] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\7y6774w28t81a
[2011/04/24 15:36:10 | 000,007,382 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7y6774w28t81a
[2011/04/24 15:32:26 | 000,235,472 | -HS- | M] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\vyt.exe
[2011/04/24 08:45:10 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:29 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/15 10:27:46 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 14:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 22:04:59 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/04/05 18:48:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/05 18:48:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/05 18:48:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/05 18:48:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/05 18:48:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 10:14:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:55:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 20:15:04 | 004,329,517 | R--- | C] () -- C:\Documents and Settings\Dillon\Desktop\zzz.exe
[2011/04/27 16:05:12 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 22:51:11 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 12:24:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 12:14:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/26 08:30:12 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/04/24 16:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/24 16:24:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/24 16:18:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/24 16:18:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/24 16:18:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/24 16:18:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/24 16:18:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/24 15:32:39 | 000,007,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7y6774w28t81a
[2011/04/24 15:32:38 | 000,007,382 | -HS- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\7y6774w28t81a
[2011/04/24 15:32:26 | 000,235,472 | -HS- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\vyt.exe
[2011/04/24 08:45:08 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/13 22:04:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/01/08 10:05:14 | 000,181,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/09/30 08:28:49 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/21 21:46:11 | 000,007,313 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/04/21 21:45:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/16 14:23:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/16 14:22:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/16 14:22:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/14 20:03:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/13 21:21:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/04/29 08:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/26 09:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/26 09:26:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/20 18:38:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Dillon\Application Data\usb.dat.bin
[2006/02/07 19:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/01 22:14:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/31 10:29:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\fusioncache.dat
[2006/01/31 10:19:55 | 000,050,523 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2006/01/31 10:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2006/01/30 00:58:43 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/30 00:16:05 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/29 10:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/28 18:32:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\FASTWiz.html
[2005/11/11 16:46:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/04/11 04:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/11 04:41:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:10:30 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:02:54 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/05 22:03:18 | 000,004,978 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/30 19:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 19:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/13 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/14 07:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2005/04/11 05:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/28 11:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/16 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/01 09:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/27 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/10 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Alien Skin
[2009/11/10 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Amazon
[2011/04/26 08:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2006/01/30 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\InterVideo
[2006/01/29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Leadertech
[2006/01/30 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Musicmatch
[2011/01/07 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Samsung
[2009/10/19 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/04/28 10:07:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/28 11:22:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >




And second, Extras.txt:



OTL Extras logfile created on: 4/28/2011 11:16:51 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 161.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.15 Gb Free Space | 16.59% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\1141440620\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1141440620\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Sierra\FEAR\fpupdate.exe" = C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Disabled:fpupdate
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
"C:\Program Files\Common Files\AOL\1141440620\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1141440620\ee\aolsoftware.exe:*:Disabled:AOL Services
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{29BB5153-133B-4C82-AF51-BF303F2BFD63}" = King's Quest Collection(TM)
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}" = FEAR SP Demo
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5986F167-4C6C-4D03-9706-E1189B2A1462}" = iriver Music Manager
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7D71FCA2-DB4A-497D-AF6F-B0D88DA92F88}" = FEAR SP Demo
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8FD62EBB-3175-4907-A326-989B14E5C757}" = hp deskjet 3500
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 H1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AGSAdventureDev312SP1_is1" = Adventure Game Studio 3.1.2 SP1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Conexant PCI Audio" = Conexant AC-Link Audio
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 4.8.5
"hp photosmart 1115 series_Driver" = hp photosmart 1115 series
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MLUpdater" = iRiver Updater
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AntiVirus_AntiSpyware_2011" = AntiVirus_AntiSpyware_2011

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AntiVirus_AntiSpyware_2011" = AntiVirus_AntiSpyware_2011

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Macromedia Central" = Macromedia Central
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Quest for Glory II" = Quest for Glory II

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2011 8:36:28 PM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x00000000.

Error - 4/26/2011 2:21:17 AM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application set29.tmp, version 11.0.0.28844, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 4/28/2011 11:30:54 AM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 0.0.0.0, faulting module
explorer.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 4/28/2011 11:30:54 AM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008cb40.

Error - 4/28/2011 11:31:00 AM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -1955886685.

Error - 4/28/2011 11:31:06 AM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -1956649226.

Error - 4/28/2011 12:22:29 PM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.5512, fault address 0x00001ddc.

Error - 4/28/2011 12:22:41 PM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -2060265999.

Error - 4/28/2011 12:36:36 PM | Computer Name = DILLONA | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.50.1.3, faulting module version.dll,
version 5.1.2600.5512, fault address 0x00001ddc.

Error - 4/28/2011 12:49:44 PM | Computer Name = DILLONA | Source = Application Error | ID = 1001
Description = Fault bucket -2060265999.

[ System Events ]
Error - 4/28/2011 11:16:43 AM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/28/2011 11:16:43 AM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/28/2011 11:16:43 AM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/28/2011 12:59:18 PM | Computer Name = DILLONA | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).


< End of report >



The reattempt of MBAM worked, like I said, and its report is posted above.

Thanks for your patience and help through this. I have a feeling that most posters who come here for help don't encounter as many difficulties as I have.
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » April 28th, 2011, 8:04 pm

Scop wrote:Huzzah, progress!
:thumbright:

Scop wrote:You didn't seem to specify wanting one or both of the reports generated by OTL's scan, so I'm pasting both.

It is difficult to get the instructions 100% correct all the time when small details make big differences, like a missing s:
vict0r wrote:
  • The OTL-logs (scan)

Scop wrote:Thanks for your patience and help through this. I have a feeling that most posters who come here for help don't encounter as many difficulties as I have.
You are welcome. :)

You are correct about most posters, but other posters come here with the new variants of the infections too and face various difficulties
cleaning up, like in this case.

Thank you for your patience too. Unfortunately too many posters give up when facing just a little difficulties, never to be heared from again...

To avoid reinfection, please try to limit the use of the computer on the internet until we finish this process.


Backup the Registry

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Start ERUNT backup by clicking Start >> Programs/All Programs >> ERUNT >> ERUNT.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Note: Do not continue with the next step if the registry backup was unsuccessful, post back instead.


Run OTL Script

We need to run another OTL script. This OTL script will reboot the computer. Save all work before continuing.

  • Double-click OTL.exe (on your desktop) to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
    IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
    O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [AntiVirus AntiSpyware 2011 Security]  File not found
    O4 - HKU\.DEFAULT..\Run: [AntiVirus_AntiSpyware_2011]  File not found
    O4 - HKU\S-1-5-18..\Run: [AntiVirus AntiSpyware 2011 Security]  File not found
    O4 - HKU\S-1-5-18..\Run: [AntiVirus_AntiSpyware_2011]  File not found
    O4 - HKLM..\RunServices: [quicktimeresourcesquicktime]  File not found
    O4 - HKLM..\RunServices: [QuickTimeWebHelperQuickTimeWebHelperQuickTime765132779]  File not found
    O4 - HKLM..\RunServices: [recursosquicktimequicktime]  File not found
    O15 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3718.cab (MsnMusicAx Class)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5805/mcfscan.cab (McFreeScan Class)
    O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell - "" = AutoRun
    O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{a0d4432c-ee38-11db-b1a8-00150042d234}\Shell\AutoRun\command - "" = F:\setupSNK.exe
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=0
    "AntiVirusOverride"=0
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start"=1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=1
    "DoNotAllowExceptions"=0
    "DisableNotifications"=0
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AntiVirus_AntiSpyware_2011"=-
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AntiVirus_AntiSpyware_2011"=-
    :files
    C:\Documents and Settings\Dillon\Local Settings\Application Data\7y6774w28t81a
    C:\Documents and Settings\All Users\Application Data\7y6774w28t81a
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Reset Windows Firewall

Click on Start >> Run... then cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On (recommended) >> OK.

Close the window when finished.


SystemLook

  • Double-click SystemLook.exe (on your desktop) to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :dir
    C:\Program Files\Viewpoint /s
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt



I'd still like to see a log from Combofix:

Disable Microsoft Security Essentials

Make sure MSE is disabled:

  • Open Microsoft Security Essentials (MSE) and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Close MSE when done.


Run ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Double click the ComboFix icon (zzz.exe) on the desktop to run the tool and click Yes to the disclaimer.

If Combofix asks to reboot, click Yes/OK. Combofix might reboot the computer automatically.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review and make sure MSE is re-enabled after Combofix is finished.


OTL

  • Double click on OTL.exe (on your desktop) to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Click on the Run Scan button at the top left hand corner.
  • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.


To post:
  • OTL log (script)
  • SystemLook log
  • Combofix log
  • OTL logs (scan)
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Unread postby Scop » April 29th, 2011, 4:09 pm

OTL script log:



========== PROCESSES ==========
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus AntiSpyware 2011 Security deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus_AntiSpyware_2011 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus AntiSpyware 2011 Security not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus_AntiSpyware_2011 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\quicktimeresourcesquicktime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\QuickTimeWebHelperQuickTimeWebHelperQuickTime765132779 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\\recursosquicktimequicktime deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\login\ deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
C:\WINDOWS\Downloaded Program Files\avsniff.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {48DD0448-9209-4F81-9F6D-D83562940134}
C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {ED28050F-D713-43BA-A376-DCC5C35407D5}
C:\WINDOWS\Downloaded Program Files\msninst.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ED28050F-D713-43BA-A376-DCC5C35407D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED28050F-D713-43BA-A376-DCC5C35407D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ED28050F-D713-43BA-A376-DCC5C35407D5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED28050F-D713-43BA-A376-DCC5C35407D5}\ not found.
Starting removal of ActiveX control {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
C:\WINDOWS\Downloaded Program Files\mcfscan.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d4432b-ee38-11db-b1a8-00150042d234}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d4432b-ee38-11db-b1a8-00150042d234}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d4432b-ee38-11db-b1a8-00150042d234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d4432b-ee38-11db-b1a8-00150042d234}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0d4432c-ee38-11db-b1a8-00150042d234}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0d4432c-ee38-11db-b1a8-00150042d234}\ not found.
File F:\setupSNK.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DoNotAllowExceptions"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications"|0 /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AntiVirus_AntiSpyware_2011 not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AntiVirus_AntiSpyware_2011 not found.
========== FILES ==========
C:\Documents and Settings\Dillon\Local Settings\Application Data\7y6774w28t81a moved successfully.
C:\Documents and Settings\All Users\Application Data\7y6774w28t81a moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 04292011_115311

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » April 29th, 2011, 4:10 pm

SystemLook log:



SystemLook 04.09.10 by jpshortstuff
Log created at 12:04 on 29/04/2011 by Dillon
Administrator - Elevation successful

========== dir ==========

C:\Program Files\Viewpoint - Parameters: "/s"

---Files---
None found.

C:\Program Files\Viewpoint\Common d------ [03:25 31/12/2007]
ViewpointService.exe --a---- 24652 bytes [03:25 31/12/2007] [21:38 04/01/2007]
VistaBoot.sdll --a---- 69701 bytes [03:25 31/12/2007] [21:38 04/01/2007]

C:\Program Files\Viewpoint\Viewpoint Toolbar d------ [23:37 08/11/2006]

-= EOF =-
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby Scop » April 29th, 2011, 4:16 pm

ComboFix, unfortunately, played the same tune and stalled in the same place as previously.

The OTL scan only popped up the OTL.txt report; there was no Extras.txt minimized or maximized. I opened the Extras file already on my Desktop, but whereas the newest OTL.txt has today's date (4/29), that one has yesterday's (4/28). I can't tell if it simply didn't generate the Extras report or didn't overwrite the previous one. But here follows the Extras OTL log:



OTL logfile created on: 4/29/2011 12:52:29 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dillon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 23.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.05 Gb Total Space | 6.00 Gb Free Space | 16.19% Space Free | Partition Type: NTFS

Computer Name: DILLONA | User Name: Dillon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/07 08:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/11/29 20:55:44 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004/11/29 20:55:10 | 001,261,652 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/11/04 11:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/03/11 01:08:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2003/01/30 19:55:46 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2002/12/02 20:56:10 | 000,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2004/11/04 11:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/01/30 19:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 12:51:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{32E72172-5F8D-4B09-88D7-8E6812E3D472}\MpKsle677813c.sys -- (MpKsle677813c)
DRV - [2010/12/20 22:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/20 22:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/20 22:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/09/16 11:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 11:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/11/14 17:35:24 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/11 12:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2006/04/10 15:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/09/20 11:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/05 12:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 12:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/02/17 23:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/17 23:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/14 15:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 09:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/29 20:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/11/29 20:34:20 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/11/29 20:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/11/29 20:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/03/29 18:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ifp800.sys -- (IFP800)
DRV - [2003/01/30 19:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 19:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 19:55:44 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2003/01/30 19:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/09/23 14:49:44 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2001/11/20 17:01:00 | 000,012,338 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/11/08 08:53:54 | 000,018,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net?cid=ie8_0904
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hp\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3863108728-1907864540-2948979912-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendowifi.com/troubleshoo ... aptest.cab (USBAPTester Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7434653125 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dillon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 12:08:55 | 000,000,000 | --SD | C] -- C:\zzz
[2011/04/28 09:59:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/28 09:58:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/28 09:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/28 09:50:13 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\Malwarebytes
[2011/04/28 09:07:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/28 09:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 09:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/28 09:07:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/28 09:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 09:05:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:45 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Desktop\tdsskiller
[2011/04/26 12:14:15 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 08:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2011/04/26 08:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dillon\My Documents\Amazon MP3 Uploader
[2011/04/26 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/24 16:24:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/24 16:18:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/24 16:18:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/24 16:18:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/24 16:18:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/24 16:18:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/24 16:17:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/24 09:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/04/24 09:01:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011/04/05 18:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/05 18:48:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/05 18:48:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/05 18:48:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/05 18:48:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/05 18:48:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2007/04/11 17:09:46 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 13:02:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job
[2011/04/29 12:50:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/29 12:45:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/29 12:44:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 12:44:28 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 12:08:07 | 004,333,301 | R--- | M] () -- C:\Documents and Settings\Dillon\Desktop\zzz.exe
[2011/04/29 12:04:24 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/29 12:04:24 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 10:14:45 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:58:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\OTL.exe
[2011/04/28 09:55:04 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:50:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Dillon\Desktop\erunt-setup.exe
[2011/04/28 09:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:05:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dillon\Desktop\mbam-setup.exe
[2011/04/27 18:06:46 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dillon\Desktop\master.exe
[2011/04/27 16:05:19 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 21:50:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 17:38:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 12:14:23 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dillon\Desktop\aswMBR.exe
[2011/04/26 12:14:01 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/24 16:24:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/24 08:45:10 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:29 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/15 10:27:46 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 14:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 22:04:59 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/04/05 18:48:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/05 18:48:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/05 18:48:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/05 18:48:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/05 18:48:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\Documents and Settings\Dillon\My Documents\*.tmp files -> C:\Documents and Settings\Dillon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 10:14:45 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RKUnhookerLE.EXE
[2011/04/28 09:55:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\ERUNT.lnk
[2011/04/28 09:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 20:15:04 | 004,333,301 | R--- | C] () -- C:\Documents and Settings\Dillon\Desktop\zzz.exe
[2011/04/27 16:05:12 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\tdsskiller.zip
[2011/04/26 22:51:11 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/26 12:24:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\MBR.dat
[2011/04/26 12:14:00 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\SystemLook.exe
[2011/04/26 08:30:12 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2011/04/24 16:24:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/24 16:24:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/24 16:18:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/24 16:18:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/24 16:18:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/24 16:18:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/24 16:18:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/24 08:45:08 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\RSIT.exe
[2011/04/24 08:43:24 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\rkill.exe
[2011/04/16 23:04:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Dillon\Desktop\dds.scr
[2011/04/13 22:04:59 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/01/08 10:05:14 | 000,181,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/04 17:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/09/30 08:28:49 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/21 21:46:11 | 000,007,313 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/04/21 21:45:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/02/16 14:23:13 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/16 14:22:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/16 14:22:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/14 20:03:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/13 21:21:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/04/29 08:38:16 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/02/26 09:33:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/26 09:26:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/20 18:38:32 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Dillon\Application Data\usb.dat.bin
[2006/02/07 19:44:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/01 22:14:47 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/31 10:29:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\fusioncache.dat
[2006/01/31 10:19:55 | 000,050,523 | ---- | C] () -- C:\WINDOWS\hpdins05.dat
[2006/01/31 10:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpdmdl01.dat
[2006/01/30 00:58:43 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/30 00:16:05 | 000,000,203 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/29 10:35:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/28 18:32:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dillon\Local Settings\Application Data\FASTWiz.html
[2005/11/11 16:46:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\usbaptest.dll
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/04/11 04:43:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/11 04:41:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/07 06:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:30 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:10:30 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:02:54 | 000,319,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 05:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/05 22:03:18 | 000,004,978 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/03/05 18:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/30 19:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 19:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/07/13 19:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/12/14 07:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/02/27 21:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mMcHmPf06300
[2005/04/11 05:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/01/28 11:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/02/16 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/06/01 09:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/02/27 20:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/21 11:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/10/10 17:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Alien Skin
[2009/11/10 11:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Amazon
[2011/04/26 08:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\com.amazon.music.uploader
[2006/01/30 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\InterVideo
[2006/01/29 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Leadertech
[2006/01/30 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Musicmatch
[2011/01/07 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dillon\Application Data\Samsung
[2009/10/19 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/04/29 12:50:38 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/04/29 13:02:01 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{432DC279-F38A-4F95-9128-676D04ECB646}.job

========== Purity Check ==========



< End of report >
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am

Re: yet another search engine redirection

Unread postby vict0r » April 29th, 2011, 6:17 pm

Hi.

It seems that OTL does only generates the Extras log on the first run. My mistake.

How is the performance of the computer now? Check for search engine redirection and functionality of hibernation. Are there other symptoms that you think might indicate infection?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: yet another search engine redirection

Unread postby Scop » April 30th, 2011, 12:08 pm

Wow, it's much better! I'm not seeing the redirections. I didn't really think the hibernation issue was due to the infection until I saw in one of the reports that a suspicious file had been found in a drivers directory. My reading about hibernation issues had indicated it's usually a driver issue, but I couldn't find anything.

I didn't mention this before, but my machine would also exit Standby spontaneously. Now I'm guessing that it was attempting to go from Standby to Hibernation as scheduled with my Power Properties settings, but the infection prevented it from taking the step.

And at the moment, I'm not seeing anything else that seems like a symptom of infection. Computer's running smoother than it has for a while, too; maybe due to the extra drive space and the removal of Adobe Reader?

But yes, things are looking a lot better, thanks!
Scop
Regular Member
 
Posts: 41
Joined: April 17th, 2011, 2:08 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 293 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware