Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Google -- and other search engine -- redirect


Post by lycophidion » September 16th, 2011, 11:28 pm

My pc contracted the infamous "google redirect," except it occurs with all search engines. Sometimes I can get in one valid search before it kicks in. I have TrendMicro Platinum installed. For the days in which the infection may have occurred, the antivirus log reads:

Date/Time,Affected Files,Threat,Source,Response

9/6/2011 1:08 PM,C:\Users\Mike\AppData\Roaming\defender,Cryp_FakeCon2,Threat,Detected
9/6/2011 1:08 PM,C:\Users\Mike\AppData\Roaming\defender.exe,Cryp_FakeCon2,Threat,Detected
9/6/2011 1:16 PM,C:\Users\Mike\AppData\Roaming\defender.exe,Cryp_FakeCon2,Threat,Detected
9/6/2011 1:16 PM,C:\Users\Mike\AppData\Roaming\defender.exe,Cryp_FakeCon2,Threat,Detected
9/6/2011 2:11 PM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_GEN.R30C2HU,Threat,Detected

In addition, in the log entry "unauthorized change prevention" I found the entry "defender.exe"

My HijackThis logfile reads as follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:33 PM, on 9/16/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Video Download Toolbar Intercept - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~2\VIDEOD~1\VIDEOD~1.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2467456713-2382794928-1521613451-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2467456713-2382794928-1521613451-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14889 bytes

-----
Thanks for your help!
lycophidion
Regular Member
 
Posts: 17
Joined: September 16th, 2011, 11:15 pm

Re: Google -- and other search engine -- redirect

Post by Gary R » September 18th, 2011, 2:04 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google -- and other search engine -- redirect

Post by Gary R » September 18th, 2011, 2:09 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi lycophidion

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your HJT log shows you're running the 64 bit version of Windows 7. HJT was not designed to work with that system so its results cannot be relied on, I need you to run a couple of additional scans for me ....

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
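
Added example (not part of the original thread, and not code from HijackThis or its authors): on 64-bit Windows a 32-bit process that opens C:\Windows\System32 is redirected to SysWOW64, which is one reason the "(file missing)" lines in a 32-bit scanner's log, such as the HijackThis log above, cannot be relied on. The Python below sorts those lines into ones that fit that pattern and ones that need checking on disk; the function names are hypothetical and the sample lines are excerpted from the log posted above.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (sample input).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
Running processes:
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Mike\Desktop\HijackThis.exe
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# A HijackThis entry line starts with a section code such as R0, F2, O4, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = "(file missing)"
# Paths under the real System32 directory, any drive letter, any case.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
# Directories that exist only on 64-bit Windows installations.
WOW64_MARKERS = ("\\syswow64\\", "\\program files (x86)\\")


def parse_entries(log_text):
    """Return one dict per entry line: section code, last field, missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # The file path, when there is one, is the last " - " separated field.
        target = body.rsplit(" - ", 1)[-1].strip().strip('"')
        entries.append({"code": code, "target": target, "missing": missing})
    return entries


def looks_like_64bit_host(log_text):
    """True if the log mentions directories that only 64-bit Windows has."""
    lowered = log_text.lower()
    return any(marker in lowered for marker in WOW64_MARKERS)


def triage_missing(log_text):
    """Split '(file missing)' entries by whether redirection can explain them.

    redirection_suspect: 64-bit host and the path is under System32, so a
        32-bit scanner was looking in SysWOW64 instead of the real directory.
    verify_on_disk: everything else; the file may really be absent.
    """
    host64 = looks_like_64bit_host(log_text)
    result = {"redirection_suspect": [], "verify_on_disk": []}
    for entry in parse_entries(log_text):
        if not entry["missing"]:
            continue
        if host64 and SYSTEM32_RE.match(entry["target"]):
            result["redirection_suspect"].append(entry["target"])
        else:
            result["verify_on_disk"].append(entry["target"])
    return result


if __name__ == "__main__":
    report = triage_missing(SAMPLE_LOG)
    for bucket, paths in report.items():
        print(bucket)
        for path in paths:
            print("   ", path)
```

An entry in the first list is not cleared by this; it only means the 32-bit view of that path is unreliable, so it should be rechecked with a 64-bit-aware scan such as the OTL run requested above.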

Re: Google -- and other search engine -- redirect

Post by lycophidion » September 18th, 2011, 7:13 pm

Thanks for getting back to me! Ok, here are the logs from OTL:
-----
OTL logfile created on: 9/18/2011 7:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.74 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 67.94% Memory free
11.48 Gb Paging File | 9.34 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.93 Gb Total Space | 382.58 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LYCOPHIDION | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/18 19:00:23 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2011/09/07 18:14:04 | 000,161,336 | ---- | M] (Google) -- C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/08/17 23:32:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/10 18:52:34 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/10 18:52:34 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/26 19:54:00 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/09/26 19:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/24 12:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/09/03 03:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/19 20:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/07/29 21:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 23:32:03 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/06 11:41:32 | 006,271,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/09/27 13:41:00 | 000,010,856 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/09/24 12:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/09/03 03:28:54 | 000,518,640 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/30 05:34:12 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/12 23:33:08 | 006,746,280 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/10/22 13:13:40 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/19 20:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 19:48:36 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 19:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/04/16 18:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/13 06:30:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/12/10 18:52:34 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/10 18:52:34 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/26 19:54:00 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/09/26 19:51:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/12 23:33:09 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\Windows\SysNative\drivers\pxrts.sys -- (pxrts)
DRV:64bit: - [2011/09/12 23:33:09 | 000,036,384 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pxscan.sys -- (pxscan)
DRV:64bit: - [2011/09/12 23:33:08 | 000,024,024 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxkbf.sys -- (pxkbf)
DRV:64bit: - [2011/02/18 12:33:26 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/02/18 12:33:26 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/02/18 12:33:26 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/02/18 12:33:26 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/02/13 08:00:57 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/02/13 08:00:57 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/13 08:00:39 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/12/10 18:51:20 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/10/26 22:26:18 | 000,171,608 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/09/27 13:41:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/09/02 15:53:26 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/09/02 15:53:26 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/09/02 15:53:26 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/09/02 15:53:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/09/02 15:53:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/20 15:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/20 10:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/08/12 12:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/08/06 03:32:22 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/07/30 19:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/07/19 05:27:26 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/07/15 21:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/09 14:29:00 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/21 08:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/18 12:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/04/16 18:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 21:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:3.0.0.1303
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z045&form=ZGAADF&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.startup.homepage: "http://www.gmail.com/"
FF - user.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:3.0.0.1303
FF - user.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - user.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - user.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - user.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/13 06:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/02/18 12:46:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\ [2011/08/17 23:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 23:32:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/06 23:49:23 | 000,000,000 | ---D | M]

[2011/02/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/08/01 16:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ev47zljw.default\extensions
[2011/08/01 16:52:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ev47zljw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/01 16:52:02 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ev47zljw.default\extensions\anttoolbar@ant.com
[2011/02/26 16:28:26 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ev47zljw.default\extensions\printpdf@pavlov.net
[2011/06/09 12:02:40 | 000,001,919 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ev47zljw.default\searchplugins\bing-zugo.xml
[2011/07/06 23:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/06 23:49:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/02/18 12:46:29 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM FILES\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION
[2011/08/17 23:32:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/06 23:49:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/09 20:10:55 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Video Download Toolbar Intercept) - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\Program Files (x86)\VideoDownloadToolbar\VideoDownloadToolbarIntercept.dll (Sakysoft s.r.l. uninominale)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13:64bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA53297-BEFF-4415-AA61-F2709AB943C1}: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53FEE0C6-3F10-4B23-A376-23152861756B}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 13:26:21 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- [2006/02/27 10:15:50 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell\AutoRun\command - "" = E:\AutoRunMorrowind.exe
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell\install\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1001\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 19:00:23 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/09/18 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8BDF89B0-A489-446F-969B-EAD01D133EE3}
[2011/09/17 21:28:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9DD875B9-8B30-4743-A652-71C6E31D1795}
[2011/09/17 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{53432C18-3B8E-4AD2-98DC-345DC76CCFA5}
[2011/09/16 22:54:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2011/09/16 21:38:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4FB9B23F-D2AF-453B-A963-D83723F0F2C5}
[2011/09/15 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4BC48493-4E63-483E-B90F-20E3054AB804}
[2011/09/15 18:28:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F25AEC11-BE49-41E6-9CC9-6DDD5759CB49}
[2011/09/15 15:19:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{54284A07-9C7F-44F7-8F45-41B4E465EA9C}
[2011/09/15 14:03:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{1BDB3225-CDBA-4796-A707-66993F155D63}
[2011/09/15 10:35:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{866523F3-76D6-462E-B7C0-7D0B6923A127}
[2011/09/14 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{92811E7C-3E79-460C-9323-B1DC376AD7CA}
[2011/09/13 17:27:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{06AD9151-EC75-48D4-8A50-6E79C835C0FE}
[2011/09/13 16:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\TOTF_1_2_2-11598
[2011/09/13 15:26:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{FA828AA2-7DB9-46EB-B22C-36C8F1E772B0}
[2011/09/13 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{EC017A03-CFE4-4A4E-9BB8-AB6575B3FBC9}
[2011/09/12 23:33:09 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/09/12 23:33:09 | 000,062,976 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/09/12 23:33:09 | 000,036,384 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/09/12 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0
[2011/09/12 23:33:08 | 000,024,024 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/09/12 23:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/09/12 23:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011/09/12 23:32:35 | 000,945,272 | ---- | C] (Prevx) -- C:\Users\Mike\Desktop\CFF22D9B69CA412C9E93.EXE
[2011/09/12 23:25:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{99079B98-1FE1-4DD3-99C7-F28B544BD6FB}
[2011/09/12 21:05:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8B00A4F4-06D6-42B8-9FEA-7CA49B66E81E}
[2011/09/11 19:48:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\amazon sales
[2011/09/11 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CA5C0E11-09AB-4611-8CF8-348519FFE34B}
[2011/09/11 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B33B1F6A-18E2-402F-A3BB-52C60D8D9879}
[2011/09/11 08:50:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F63AB634-BF33-4696-A9BB-254CAF85137F}
[2011/09/10 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{0F660357-27DA-42BF-B75E-0F14CA7AE98D}
[2011/09/10 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{3BD6AA82-D3D1-4777-91F8-BD510C3129B3}
[2011/09/10 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C42CC962-8E38-4FCB-8D98-F8F2BC26018D}
[2011/09/10 00:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{FAA6F676-0E13-4E85-A0EB-46FB706AAC33}
[2011/09/09 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/09/09 23:09:03 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/09 23:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/09 23:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/09 23:09:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/09 23:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/09 23:08:05 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mike\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/09 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D8EB9E07-1A2D-4608-8703-6530EC3A9D72}
[2011/09/09 20:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/09/09 17:23:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{2BFBADBC-BA16-4DAF-854D-8FA1202E34B9}
[2011/09/09 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{BA21BE42-38C1-4478-B1AC-0EB1D6ED9032}
[2011/09/09 01:18:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7E0B9497-898F-4186-84ED-5CB990C4DFFB}
[2011/09/08 21:08:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{1E4190BC-EBF8-44D8-B57C-AADA94E28537}
[2011/09/08 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E4159B49-7830-41C0-8467-93D0C91A311C}
[2011/09/08 13:20:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{EC338650-AE5B-4932-A51D-8937A35932DD}
[2011/09/08 10:57:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{2D7003B2-DD1F-41A4-A5D6-4D1D96F3F9D3}
[2011/09/07 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B6CE6441-CBF2-4C4B-8B10-D2CBE7234DAE}
[2011/09/07 09:10:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C5CE7803-1056-4421-81D2-3F8FC85809E0}
[2011/09/06 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{071AE803-920B-4CF4-966D-D4C1B29E1870}
[2011/09/06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{441D890F-1ADE-4D8F-9BC8-477010F0E3F0}
[2011/09/06 13:18:23 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/06 12:32:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B193E23A-CD0C-4907-B625-16CCF17E520F}
[2011/09/06 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{73CB1743-6163-4C36-B604-21FC0239686A}
[2011/09/05 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{A6862825-D7D7-4DAB-B276-72669B5F7EB2}
[2011/09/05 15:43:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{ABDB1380-A90E-40E2-898C-D4F28FDD5519}
[2011/09/05 11:13:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{13785D45-C569-44A2-8C47-D9BB02F3C630}
[2011/09/04 20:18:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9E80FEFB-8D7B-4E6B-8207-07CF3859B079}
[2011/09/04 19:03:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7D9FD54A-0E03-4C18-A469-05C147AB7C75}
[2011/09/04 16:47:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{96599E0C-9C59-415F-83F7-A888F0286D7E}
[2011/09/04 08:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{174DA1C0-5125-4853-AF9B-09AD900512A0}
[2011/09/03 10:22:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{59C48BEA-C608-43A3-88CA-95137A319233}
[2011/09/02 23:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{46CA75E5-7C57-429B-B28D-7984F4C5D300}
[2011/09/02 15:33:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{771E7C96-AA89-407F-9BAE-2079E3B3479D}
[2011/09/01 15:36:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B04750A4-0429-41DB-94C6-AC0BACBFA47F}
[2011/09/01 08:24:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D65B51FE-357E-494D-9E5F-D58E648C2658}
[2011/08/31 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C75DE5DD-A362-48A9-A63E-28533788B8A8}
[2011/08/31 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B65ECC59-866B-4A3F-BE7E-C9EDE1DD1FC5}
[2011/08/30 18:27:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7C26AB20-615B-458D-BB13-4BB3A2A0D220}
[2011/08/30 14:38:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CD8D0CA3-F894-49D9-94A0-CE981FFF7EA9}
[2011/08/29 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CF4B2485-8CD3-4206-9ACF-439A62AD3087}
[2011/08/29 09:39:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{A7A06682-89D6-4744-BC96-DB0279FF6900}
[2011/08/29 08:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4D4E3C14-E491-4654-AF4E-AB16A0535763}
[2011/08/29 01:34:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{21D94AE1-958A-4A48-8CF3-E57ED958FDCF}
[2011/08/29 00:47:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\temp
[2011/08/28 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5A8C5B01-0089-4242-8AEC-77572F2B10B2}
[2011/08/28 11:09:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{6DF5DB4D-0BAB-4532-8ED1-7D3421955A2B}
[2011/08/27 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5334B3A9-9A14-4B34-AD4D-74C9001EF7D0}
[2011/08/27 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E3C11369-B2C1-459E-A947-78B82C0F8A31}
[2011/08/27 16:59:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B55620E5-774D-4C3C-918C-86CEB761AB4F}
[2011/08/27 06:12:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F4D8B800-3B67-4B0E-A4D8-B8B20A08E92E}
[2011/08/27 02:20:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E888BD6F-4360-446D-A76D-F1F0DCF24A8D}
[2011/08/26 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{577F163D-3C0D-4871-B510-E3CC4361C401}
[2011/08/24 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{07DFCC61-F312-4F16-B282-9B5A88589030}
[2011/08/23 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{622FC7EA-AB49-4957-A34F-8C0F0F09D388}
[2011/08/23 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{53EDAA21-CDDF-45E9-A7C3-F45C925C979D}
[2011/08/23 14:43:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{29FE0FFB-C4B8-4C7E-8EC0-9A7A7385DAED}
[2011/08/23 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E1E7176C-C626-405A-92A3-228EA7467FC3}
[2011/08/22 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5376C1DC-4526-47E9-8DAA-5B20D4A3C00F}
[2011/08/22 08:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9EED1E65-7747-4BE0-ACD3-F89DAD53E037}
[2011/08/21 19:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{91187A56-212A-41ED-B42F-891F68FC4BE5}
[2011/08/21 18:03:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{0422C965-3F01-42AF-9982-B6742B1D4255}
[2011/08/21 16:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{AE2718D7-938D-43E3-94FB-EEAD72439795}
[2011/08/21 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{38301210-10A4-4152-8F37-56AA4828D6E4}
[2011/08/21 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{719D67E9-AB0E-4416-A98C-0D6350E298F7}
[2011/08/20 20:22:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{689EC1CE-DAF1-4A3B-83F5-C1400391277C}
[2011/08/20 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{6D4BD07F-53CA-4097-A927-072D5B21627C}
[2011/08/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8DC350F6-1991-4490-866C-8D673B0AAB88}
[2011/08/19 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{05C412AD-D317-4497-8EAC-14503DA6F66D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 19:00:23 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/09/18 18:42:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467456713-2382794928-1521613451-1001UA.job
[2011/09/18 18:21:26 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/09/18 18:13:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 18:13:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 18:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/18 18:04:28 | 328,130,559 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/16 23:10:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mike\Desktop\HijackThis.exe
[2011/09/15 20:48:40 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467456713-2382794928-1521613451-1001Core.job
[2011/09/14 09:39:39 | 000,733,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/14 09:39:39 | 000,629,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/14 09:39:39 | 000,108,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/12 23:33:09 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys
[2011/09/12 23:33:09 | 000,062,976 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll
[2011/09/12 23:33:09 | 000,036,384 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxscan.sys
[2011/09/12 23:33:08 | 000,024,024 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxkbf.sys
[2011/09/12 23:32:35 | 000,945,272 | ---- | M] (Prevx) -- C:\Users\Mike\Desktop\CFF22D9B69CA412C9E93.EXE
[2011/09/09 23:09:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/09 23:08:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mike\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/09 21:28:32 | 000,010,608 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/09 20:10:55 | 000,000,860 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/09 19:28:20 | 000,000,211 | ---- | M] () -- C:\Users\Mike\Documents\log2.CSV
[2011/09/09 18:57:01 | 000,001,653 | ---- | M] () -- C:\Users\Mike\Documents\log.CSV
[2011/08/24 14:14:56 | 000,535,128 | ---- | M] () -- C:\Users\Mike\Documents\street beyond tea party.xps
[2011/08/23 16:26:31 | 000,010,084 | ---- | M] () -- C:\Users\Mike\Documents\promo code kensington.pdf
[2011/08/22 18:50:57 | 000,000,272 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\.backup.dm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 23:09:03 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/09 20:13:30 | 000,010,608 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/09 19:28:20 | 000,000,211 | ---- | C] () -- C:\Users\Mike\Documents\log2.CSV
[2011/09/09 18:57:01 | 000,001,653 | ---- | C] () -- C:\Users\Mike\Documents\log.CSV
[2011/08/24 14:14:50 | 000,535,128 | ---- | C] () -- C:\Users\Mike\Documents\street beyond tea party.xps
[2011/08/23 16:26:30 | 000,010,084 | ---- | C] () -- C:\Users\Mike\Documents\promo code kensington.pdf
[2011/08/22 18:50:57 | 000,000,272 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\.backup.dm
[2011/08/01 17:06:39 | 000,003,584 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 14:11:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/02/18 17:18:59 | 000,000,076 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2011/02/18 16:53:31 | 000,746,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/18 16:32:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011/02/18 16:32:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011/02/18 16:32:21 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011/02/18 16:01:58 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/02/18 16:01:57 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/02/18 15:56:17 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/13 07:36:51 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/13 07:36:51 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/02/13 07:36:51 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/02/13 07:36:50 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/13 07:36:48 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/25 16:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

========== LOP Check ==========

[2011/02/18 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ESRI
[2011/07/06 00:40:53 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Fingertapps
[2011/06/09 12:03:04 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\FLVPlayer4Free
[2011/08/18 22:36:02 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVU
[2011/06/06 19:08:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\IMVUClient
[2011/02/17 23:14:36 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/09/11 19:32:56 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/18 18:21:26 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
-----

OTL Extras logfile created on: 9/18/2011 7:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.74 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 67.94% Memory free
11.48 Gb Paging File | 9.34 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.93 Gb Total Space | 382.58 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Drive D: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LYCOPHIDION | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2467456713-2382794928-1521613451-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel(R) Wireless Display
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Dell Support Center" = Dell Support Center
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ArcGIS Desktop" = ArcGIS Desktop
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 4.4.0.0
"GoToAssist" = GoToAssist 8.0.0.514
"ImageJ_is1" = ImageJ 1.44p
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"Video Download Toolbar" = Video Download Toolbar
"Video Download Toolbar_is1" = Video Download Toolbar 2.0.0.0
"VISPRO" = Microsoft Office Visio Professional 2007
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2467456713-2382794928-1521613451-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
lycophidion
Regular Member
 
Posts: 17
Joined: September 16th, 2011, 11:15 pm

Re: Google -- and other search engine -- redirect

Post by lycophidion » September 18th, 2011, 7:20 pm

... and here is the TDSSKiller log:
-----
2011/09/18 19:18:22.0618 16528 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/18 19:18:22.0963 16528 ================================================================================
2011/09/18 19:18:22.0964 16528 SystemInfo:
2011/09/18 19:18:22.0964 16528
2011/09/18 19:18:22.0964 16528 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/18 19:18:22.0964 16528 Product type: Workstation
2011/09/18 19:18:22.0964 16528 ComputerName: LYCOPHIDION
2011/09/18 19:18:22.0964 16528 UserName: Mike
2011/09/18 19:18:22.0964 16528 Windows directory: C:\Windows
2011/09/18 19:18:22.0964 16528 System windows directory: C:\Windows
2011/09/18 19:18:22.0964 16528 Running under WOW64
2011/09/18 19:18:22.0964 16528 Processor architecture: Intel x64
2011/09/18 19:18:22.0965 16528 Number of processors: 4
2011/09/18 19:18:22.0965 16528 Page size: 0x1000
2011/09/18 19:18:22.0965 16528 Boot type: Normal boot
2011/09/18 19:18:22.0965 16528 ================================================================================
2011/09/18 19:18:23.0932 16528 Initialize success
2011/09/18 19:18:58.0078 16772 ================================================================================
2011/09/18 19:18:58.0078 16772 Scan started
2011/09/18 19:18:58.0078 16772 Mode: Manual;
2011/09/18 19:18:58.0078 16772 ================================================================================
2011/09/18 19:18:58.0536 16772 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/18 19:18:58.0591 16772 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
2011/09/18 19:18:58.0633 16772 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/09/18 19:18:58.0673 16772 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/09/18 19:18:58.0717 16772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/18 19:18:58.0754 16772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/18 19:18:58.0791 16772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/18 19:18:58.0856 16772 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/09/18 19:18:58.0896 16772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/09/18 19:18:58.0938 16772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/09/18 19:18:58.0960 16772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/09/18 19:18:58.0985 16772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/18 19:18:59.0004 16772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/18 19:18:59.0031 16772 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
2011/09/18 19:18:59.0056 16772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/18 19:18:59.0076 16772 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
2011/09/18 19:18:59.0112 16772 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/09/18 19:18:59.0156 16772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/18 19:18:59.0198 16772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/18 19:18:59.0222 16772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/18 19:18:59.0262 16772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/09/18 19:18:59.0308 16772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/18 19:18:59.0363 16772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/18 19:18:59.0415 16772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/18 19:18:59.0461 16772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/18 19:18:59.0508 16772 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/18 19:18:59.0535 16772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/18 19:18:59.0560 16772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/18 19:18:59.0597 16772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/18 19:18:59.0625 16772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/18 19:18:59.0650 16772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/18 19:18:59.0670 16772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/18 19:18:59.0719 16772 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/09/18 19:18:59.0748 16772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/18 19:18:59.0779 16772 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/18 19:18:59.0805 16772 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
2011/09/18 19:18:59.0833 16772 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
2011/09/18 19:18:59.0855 16772 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
2011/09/18 19:18:59.0885 16772 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
2011/09/18 19:18:59.0914 16772 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/09/18 19:18:59.0938 16772 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/18 19:18:59.0957 16772 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/18 19:18:59.0979 16772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/18 19:19:00.0018 16772 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/18 19:19:00.0049 16772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/18 19:19:00.0086 16772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/18 19:19:00.0131 16772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/18 19:19:00.0151 16772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/09/18 19:19:00.0184 16772 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/09/18 19:19:00.0230 16772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/18 19:19:00.0273 16772 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/18 19:19:00.0307 16772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/18 19:19:00.0363 16772 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/09/18 19:19:00.0431 16772 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/09/18 19:19:00.0453 16772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/18 19:19:00.0487 16772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/18 19:19:00.0530 16772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/18 19:19:00.0576 16772 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/18 19:19:00.0693 16772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/18 19:19:00.0824 16772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/18 19:19:00.0850 16772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/18 19:19:00.0891 16772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/18 19:19:00.0917 16772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/18 19:19:00.0949 16772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/18 19:19:00.0984 16772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/18 19:19:01.0008 16772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/18 19:19:01.0037 16772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/18 19:19:01.0060 16772 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/09/18 19:19:01.0091 16772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/18 19:19:01.0116 16772 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/18 19:19:01.0139 16772 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/18 19:19:01.0169 16772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/18 19:19:01.0214 16772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/18 19:19:01.0251 16772 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/18 19:19:01.0287 16772 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/09/18 19:19:01.0307 16772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/18 19:19:01.0339 16772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/18 19:19:01.0365 16772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/18 19:19:01.0413 16772 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/18 19:19:01.0457 16772 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/18 19:19:01.0493 16772 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/09/18 19:19:01.0530 16772 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/18 19:19:01.0567 16772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/18 19:19:01.0616 16772 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/18 19:19:01.0664 16772 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/18 19:19:01.0911 16772 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/18 19:19:02.0135 16772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/18 19:19:02.0168 16772 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/09/18 19:19:02.0246 16772 IntcAzAudAddService (21b624453727a12f379dd3f61648aec4) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/18 19:19:02.0320 16772 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/09/18 19:19:02.0344 16772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/18 19:19:02.0375 16772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/18 19:19:02.0418 16772 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/18 19:19:02.0446 16772 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/18 19:19:02.0471 16772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/18 19:19:02.0505 16772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/18 19:19:02.0525 16772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/18 19:19:02.0551 16772 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/18 19:19:02.0592 16772 JMCR (5b821304605302acae5993937a587330) C:\Windows\system32\DRIVERS\jmcr.sys
2011/09/18 19:19:02.0620 16772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/18 19:19:02.0639 16772 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/18 19:19:02.0670 16772 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/18 19:19:02.0699 16772 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/18 19:19:02.0727 16772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/18 19:19:02.0772 16772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/18 19:19:02.0826 16772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/18 19:19:02.0852 16772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/18 19:19:02.0882 16772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/18 19:19:02.0910 16772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/18 19:19:02.0940 16772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/18 19:19:02.0977 16772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/18 19:19:03.0008 16772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/18 19:19:03.0045 16772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/18 19:19:03.0071 16772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/18 19:19:03.0096 16772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/18 19:19:03.0130 16772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/18 19:19:03.0157 16772 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/09/18 19:19:03.0186 16772 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/18 19:19:03.0207 16772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/18 19:19:03.0232 16772 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/18 19:19:03.0272 16772 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/18 19:19:03.0315 16772 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/18 19:19:03.0336 16772 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/18 19:19:03.0372 16772 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/18 19:19:03.0396 16772 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/18 19:19:03.0429 16772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/18 19:19:03.0450 16772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/18 19:19:03.0465 16772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/18 19:19:03.0497 16772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/18 19:19:03.0522 16772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/18 19:19:03.0549 16772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/18 19:19:03.0572 16772 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/09/18 19:19:03.0592 16772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/18 19:19:03.0608 16772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/18 19:19:03.0624 16772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/18 19:19:03.0696 16772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/18 19:19:03.0763 16772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/18 19:19:03.0814 16772 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/09/18 19:19:03.0867 16772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/18 19:19:03.0902 16772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/18 19:19:03.0932 16772 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/18 19:19:03.0956 16772 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/18 19:19:03.0982 16772 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/09/18 19:19:04.0007 16772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/18 19:19:04.0029 16772 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/18 19:19:04.0217 16772 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/09/18 19:19:04.0404 16772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/18 19:19:04.0450 16772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/18 19:19:04.0477 16772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/18 19:19:04.0542 16772 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
2011/09/18 19:19:04.0607 16772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/18 19:19:04.0827 16772 nvlddmkm (29c37a82d52c06e20afe6de0ee140f5b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/18 19:19:05.0064 16772 nvpciflt (99d1febfcf89381494fc548bf8d03724) C:\Windows\system32\DRIVERS\nvpciflt.sys
2011/09/18 19:19:05.0102 16772 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/18 19:19:05.0140 16772 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/18 19:19:05.0191 16772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/18 19:19:05.0236 16772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/18 19:19:05.0287 16772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/18 19:19:05.0311 16772 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/09/18 19:19:05.0386 16772 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
2011/09/18 19:19:05.0422 16772 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/09/18 19:19:05.0450 16772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/18 19:19:05.0481 16772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/18 19:19:05.0509 16772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/18 19:19:05.0534 16772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/18 19:19:05.0618 16772 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/18 19:19:05.0638 16772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/18 19:19:05.0679 16772 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/18 19:19:05.0723 16772 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/18 19:19:05.0804 16772 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
2011/09/18 19:19:05.0835 16772 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
2011/09/18 19:19:05.0853 16772 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
2011/09/18 19:19:05.0883 16772 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
2011/09/18 19:19:05.0935 16772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/18 19:19:06.0000 16772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/18 19:19:06.0029 16772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/18 19:19:06.0053 16772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/18 19:19:06.0078 16772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/18 19:19:06.0106 16772 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/18 19:19:06.0130 16772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/18 19:19:06.0150 16772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/18 19:19:06.0176 16772 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/18 19:19:06.0200 16772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/18 19:19:06.0223 16772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/18 19:19:06.0257 16772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/18 19:19:06.0278 16772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/18 19:19:06.0304 16772 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/09/18 19:19:06.0331 16772 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/09/18 19:19:06.0398 16772 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/18 19:19:06.0442 16772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/18 19:19:06.0474 16772 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/09/18 19:19:06.0509 16772 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/18 19:19:06.0538 16772 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/18 19:19:06.0570 16772 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/18 19:19:06.0613 16772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/18 19:19:06.0652 16772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/18 19:19:06.0690 16772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/18 19:19:06.0721 16772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/18 19:19:06.0778 16772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/18 19:19:06.0803 16772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/18 19:19:06.0843 16772 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/18 19:19:06.0870 16772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/18 19:19:06.0901 16772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/18 19:19:06.0920 16772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/18 19:19:06.0940 16772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/18 19:19:06.0971 16772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/18 19:19:07.0032 16772 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/09/18 19:19:07.0073 16772 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/18 19:19:07.0122 16772 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/18 19:19:09.0572 16772 ================================================================================
2011/09/18 19:19:09.0572 16772 Scan finished
2011/09/18 19:19:09.0572 16772 ================================================================================
2011/09/18 19:19:09.0582 16764 Detected object count: 0
2011/09/18 19:19:09.0582 16764 Actual detected object count: 0
----

Thanks!
lycophidion
Regular Member
 
Posts: 17
Joined: September 16th, 2011, 11:15 pm

Re: Google -- and other search engine -- redirect

by Gary R » September 19th, 2011, 6:59 am

Nothing much showing in your logs, so we'll take care of what there is and see where that takes us ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/13 06:50:47 | 000,000,000 | ---D | M]
O2 - BHO: (Video Download Toolbar Intercept) - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\Program Files (x86)\VideoDownloadToolbar\VideoDownloadToolbarIntercept.dll (Sakysoft s.r.l. uninominale)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2467456713-2382794928-1521613451-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O33 - MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe -- [2006/02/27 10:15:50 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell - "" = AutoRun
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell\AutoRun\command - "" = E:\AutoRunMorrowind.exe
O33 - MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\Shell\install\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2011/09/18 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8BDF89B0-A489-446F-969B-EAD01D133EE3}
[2011/09/17 21:28:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9DD875B9-8B30-4743-A652-71C6E31D1795}
[2011/09/17 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{53432C18-3B8E-4AD2-98DC-345DC76CCFA5}
[2011/09/16 21:38:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4FB9B23F-D2AF-453B-A963-D83723F0F2C5}
[2011/09/15 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4BC48493-4E63-483E-B90F-20E3054AB804}
[2011/09/15 18:28:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F25AEC11-BE49-41E6-9CC9-6DDD5759CB49}
[2011/09/15 15:19:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{54284A07-9C7F-44F7-8F45-41B4E465EA9C}
[2011/09/15 14:03:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{1BDB3225-CDBA-4796-A707-66993F155D63}
[2011/09/15 10:35:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{866523F3-76D6-462E-B7C0-7D0B6923A127}
[2011/09/14 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{92811E7C-3E79-460C-9323-B1DC376AD7CA}
[2011/09/13 17:27:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{06AD9151-EC75-48D4-8A50-6E79C835C0FE}
[2011/09/13 15:26:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{FA828AA2-7DB9-46EB-B22C-36C8F1E772B0}
[2011/09/13 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{EC017A03-CFE4-4A4E-9BB8-AB6575B3FBC9}
[2011/09/12 23:25:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{99079B98-1FE1-4DD3-99C7-F28B544BD6FB}
[2011/09/12 21:05:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8B00A4F4-06D6-42B8-9FEA-7CA49B66E81E}
[2011/09/11 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CA5C0E11-09AB-4611-8CF8-348519FFE34B}
[2011/09/11 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B33B1F6A-18E2-402F-A3BB-52C60D8D9879}
[2011/09/11 08:50:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F63AB634-BF33-4696-A9BB-254CAF85137F}
[2011/09/10 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{0F660357-27DA-42BF-B75E-0F14CA7AE98D}
[2011/09/10 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{3BD6AA82-D3D1-4777-91F8-BD510C3129B3}
[2011/09/10 01:25:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C42CC962-8E38-4FCB-8D98-F8F2BC26018D}
[2011/09/10 00:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{FAA6F676-0E13-4E85-A0EB-46FB706AAC33}
[2011/09/09 20:14:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D8EB9E07-1A2D-4608-8703-6530EC3A9D72}
[2011/09/09 17:23:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{2BFBADBC-BA16-4DAF-854D-8FA1202E34B9}
[2011/09/09 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{BA21BE42-38C1-4478-B1AC-0EB1D6ED9032}
[2011/09/09 01:18:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7E0B9497-898F-4186-84ED-5CB990C4DFFB}
[2011/09/08 21:08:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{1E4190BC-EBF8-44D8-B57C-AADA94E28537}
[2011/09/08 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E4159B49-7830-41C0-8467-93D0C91A311C}
[2011/09/08 13:20:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{EC338650-AE5B-4932-A51D-8937A35932DD}
[2011/09/08 10:57:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{2D7003B2-DD1F-41A4-A5D6-4D1D96F3F9D3}
[2011/09/07 20:36:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B6CE6441-CBF2-4C4B-8B10-D2CBE7234DAE}
[2011/09/07 09:10:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C5CE7803-1056-4421-81D2-3F8FC85809E0}
[2011/09/06 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{071AE803-920B-4CF4-966D-D4C1B29E1870}
[2011/09/06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{441D890F-1ADE-4D8F-9BC8-477010F0E3F0}
[2011/09/06 12:32:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B193E23A-CD0C-4907-B625-16CCF17E520F}
[2011/09/06 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{73CB1743-6163-4C36-B604-21FC0239686A}
[2011/09/05 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{A6862825-D7D7-4DAB-B276-72669B5F7EB2}
[2011/09/05 15:43:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{ABDB1380-A90E-40E2-898C-D4F28FDD5519}
[2011/09/05 11:13:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{13785D45-C569-44A2-8C47-D9BB02F3C630}
[2011/09/04 20:18:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9E80FEFB-8D7B-4E6B-8207-07CF3859B079}
[2011/09/04 19:03:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7D9FD54A-0E03-4C18-A469-05C147AB7C75}
[2011/09/04 16:47:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{96599E0C-9C59-415F-83F7-A888F0286D7E}
[2011/09/04 08:29:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{174DA1C0-5125-4853-AF9B-09AD900512A0}
[2011/09/03 10:22:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{59C48BEA-C608-43A3-88CA-95137A319233}
[2011/09/02 23:38:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{46CA75E5-7C57-429B-B28D-7984F4C5D300}
[2011/09/02 15:33:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{771E7C96-AA89-407F-9BAE-2079E3B3479D}
[2011/09/01 15:36:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B04750A4-0429-41DB-94C6-AC0BACBFA47F}
[2011/09/01 08:24:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{D65B51FE-357E-494D-9E5F-D58E648C2658}
[2011/08/31 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{C75DE5DD-A362-48A9-A63E-28533788B8A8}
[2011/08/31 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B65ECC59-866B-4A3F-BE7E-C9EDE1DD1FC5}
[2011/08/30 18:27:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7C26AB20-615B-458D-BB13-4BB3A2A0D220}
[2011/08/30 14:38:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CD8D0CA3-F894-49D9-94A0-CE981FFF7EA9}
[2011/08/29 13:42:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{CF4B2485-8CD3-4206-9ACF-439A62AD3087}
[2011/08/29 09:39:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{A7A06682-89D6-4744-BC96-DB0279FF6900}
[2011/08/29 08:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{4D4E3C14-E491-4654-AF4E-AB16A0535763}
[2011/08/29 01:34:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{21D94AE1-958A-4A48-8CF3-E57ED958FDCF}
[2011/08/28 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5A8C5B01-0089-4242-8AEC-77572F2B10B2}
[2011/08/28 11:09:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{6DF5DB4D-0BAB-4532-8ED1-7D3421955A2B}
[2011/08/27 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5334B3A9-9A14-4B34-AD4D-74C9001EF7D0}
[2011/08/27 19:23:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E3C11369-B2C1-459E-A947-78B82C0F8A31}
[2011/08/27 16:59:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{B55620E5-774D-4C3C-918C-86CEB761AB4F}
[2011/08/27 06:12:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{F4D8B800-3B67-4B0E-A4D8-B8B20A08E92E}
[2011/08/27 02:20:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E888BD6F-4360-446D-A76D-F1F0DCF24A8D}
[2011/08/26 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{577F163D-3C0D-4871-B510-E3CC4361C401}
[2011/08/24 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{07DFCC61-F312-4F16-B282-9B5A88589030}
[2011/08/23 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{622FC7EA-AB49-4957-A34F-8C0F0F09D388}
[2011/08/23 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{53EDAA21-CDDF-45E9-A7C3-F45C925C979D}
[2011/08/23 14:43:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{29FE0FFB-C4B8-4C7E-8EC0-9A7A7385DAED}
[2011/08/23 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{E1E7176C-C626-405A-92A3-228EA7467FC3}
[2011/08/22 18:14:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{5376C1DC-4526-47E9-8DAA-5B20D4A3C00F}
[2011/08/22 08:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{9EED1E65-7747-4BE0-ACD3-F89DAD53E037}
[2011/08/21 19:19:38 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{91187A56-212A-41ED-B42F-891F68FC4BE5}
[2011/08/21 18:03:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{0422C965-3F01-42AF-9982-B6742B1D4255}
[2011/08/21 16:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{AE2718D7-938D-43E3-94FB-EEAD72439795}
[2011/08/21 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{38301210-10A4-4152-8F37-56AA4828D6E4}
[2011/08/21 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{719D67E9-AB0E-4416-A98C-0D6350E298F7}
[2011/08/20 20:22:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{689EC1CE-DAF1-4A3B-83F5-C1400391277C}
[2011/08/20 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{6D4BD07F-53CA-4097-A927-072D5B21627C}
[2011/08/19 23:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{8DC350F6-1991-4490-866C-8D673B0AAB88}
[2011/08/19 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{05C412AD-D317-4497-8EAC-14503DA6F66D}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[emptyflash]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Next

Let’s try to Reset your Router to its default configuration.
  • This can be done by inserting something like an opened paper clip into a small hole labeled Reset that's usually found at the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know your router's default password, you can look it up HERE.
  • You will need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to ask your Internet Service Provider (ISP) which DNS servers your network should be using.

Note: After resetting your router, if you are using the default router password it is important to set a non-default password, and if possible, username, on the router. This should help to stop your router from being hijacked again.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
mmswsock.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • SystemLook log
  • E-Set log
  • Are you still being re-directed?


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
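
The fix in the post above includes [resethosts], and its router step mentions checking which DNS servers the network uses. As an added example (not part of either poster's text, and not OTL's own logic), this Python script audits hosts-file text for entries that override search-engine names; the watch list, function names and sample data are assumptions constructed for illustration.

```python
"""Audit hosts-file text for entries that override search-engine names.

Added example. The watch list and the sample file are constructed for
illustration and are not taken from the thread.
"""
import ipaddress
import sys

# Assumption: domains worth watching on a machine showing search redirects.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# Constructed sample input (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed redirect entry
203.0.113.10    search.yahoo.com
0.0.0.0         ads.example.net
192.168.1.20    nas.home.lan
127.0.0.1       www.bing.com
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in hosts-file text."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may map several names
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Classify hosts entries.

    redirect: a watched name pointed at a routable address (review first)
    blocked:  a watched name pointed at loopback or 0.0.0.0
    override: any other name pointed at a non-loopback address
    Loopback/0.0.0.0 entries for unwatched names are treated as benign.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkholed = ip.is_loopback or ip.is_unspecified
        if is_watched(name):
            kind = "blocked" if sinkholed else "redirect"
        elif sinkholed:
            continue
        else:
            kind = "override"
        findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    # Pass a path (for example a copy of the hosts file from
    # C:\Windows\System32\drivers\etc) or run without arguments
    # to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, name, ip, kind in audit_hosts(content):
        print(f"line {line_no}: {name} -> {ip} [{kind}]")
```

A clean result here says nothing about the DNS servers handed out by the router, which is why the post treats the router reset as a separate step.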

Re: Google -- and other search engine -- redirect

by lycophidion » September 19th, 2011, 9:28 pm

Ok, so here's the log from the OTL custom fix:
-----
All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29002A0-87A1-4DC4-AC55-5982034EB61E}\ deleted successfully.
C:\Program Files (x86)\VideoDownloadToolbar\VideoDownloadToolbarIntercept.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2467456713-2382794928-1521613451-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318e18ff-376a-11e0-84d2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{318e18ff-376a-11e0-84d2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318e18ff-376a-11e0-84d2-806e6f6e6963}\ not found.
File move failed. D:\OblivionLauncher.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9532108e-3c60-11e0-98f3-c0cb38acbedc}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a3caa1-9829-11e0-822f-c0cb38acbedc}\ not found.
File E:\KODAK_Camera_Setup_App.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ not found.
File E:\AutoRunMorrowind.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6c74f55-5afb-11e0-a698-c0cb38acbedc}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
C:\Users\Mike\AppData\Local\{8BDF89B0-A489-446F-969B-EAD01D133EE3} folder moved successfully.
C:\Users\Mike\AppData\Local\{9DD875B9-8B30-4743-A652-71C6E31D1795} folder moved successfully.
C:\Users\Mike\AppData\Local\{53432C18-3B8E-4AD2-98DC-345DC76CCFA5} folder moved successfully.
C:\Users\Mike\AppData\Local\{4FB9B23F-D2AF-453B-A963-D83723F0F2C5} folder moved successfully.
C:\Users\Mike\AppData\Local\{4BC48493-4E63-483E-B90F-20E3054AB804} folder moved successfully.
C:\Users\Mike\AppData\Local\{F25AEC11-BE49-41E6-9CC9-6DDD5759CB49} folder moved successfully.
C:\Users\Mike\AppData\Local\{54284A07-9C7F-44F7-8F45-41B4E465EA9C} folder moved successfully.
C:\Users\Mike\AppData\Local\{1BDB3225-CDBA-4796-A707-66993F155D63} folder moved successfully.
C:\Users\Mike\AppData\Local\{866523F3-76D6-462E-B7C0-7D0B6923A127} folder moved successfully.
C:\Users\Mike\AppData\Local\{92811E7C-3E79-460C-9323-B1DC376AD7CA} folder moved successfully.
C:\Users\Mike\AppData\Local\{06AD9151-EC75-48D4-8A50-6E79C835C0FE} folder moved successfully.
C:\Users\Mike\AppData\Local\{FA828AA2-7DB9-46EB-B22C-36C8F1E772B0} folder moved successfully.
C:\Users\Mike\AppData\Local\{EC017A03-CFE4-4A4E-9BB8-AB6575B3FBC9} folder moved successfully.
C:\Users\Mike\AppData\Local\{99079B98-1FE1-4DD3-99C7-F28B544BD6FB} folder moved successfully.
C:\Users\Mike\AppData\Local\{8B00A4F4-06D6-42B8-9FEA-7CA49B66E81E} folder moved successfully.
C:\Users\Mike\AppData\Local\{CA5C0E11-09AB-4611-8CF8-348519FFE34B} folder moved successfully.
C:\Users\Mike\AppData\Local\{B33B1F6A-18E2-402F-A3BB-52C60D8D9879} folder moved successfully.
C:\Users\Mike\AppData\Local\{F63AB634-BF33-4696-A9BB-254CAF85137F} folder moved successfully.
C:\Users\Mike\AppData\Local\{0F660357-27DA-42BF-B75E-0F14CA7AE98D} folder moved successfully.
C:\Users\Mike\AppData\Local\{3BD6AA82-D3D1-4777-91F8-BD510C3129B3} folder moved successfully.
C:\Users\Mike\AppData\Local\{C42CC962-8E38-4FCB-8D98-F8F2BC26018D} folder moved successfully.
C:\Users\Mike\AppData\Local\{FAA6F676-0E13-4E85-A0EB-46FB706AAC33} folder moved successfully.
C:\Users\Mike\AppData\Local\{D8EB9E07-1A2D-4608-8703-6530EC3A9D72} folder moved successfully.
C:\Users\Mike\AppData\Local\{2BFBADBC-BA16-4DAF-854D-8FA1202E34B9} folder moved successfully.
C:\Users\Mike\AppData\Local\{BA21BE42-38C1-4478-B1AC-0EB1D6ED9032} folder moved successfully.
C:\Users\Mike\AppData\Local\{7E0B9497-898F-4186-84ED-5CB990C4DFFB} folder moved successfully.
C:\Users\Mike\AppData\Local\{1E4190BC-EBF8-44D8-B57C-AADA94E28537} folder moved successfully.
C:\Users\Mike\AppData\Local\{E4159B49-7830-41C0-8467-93D0C91A311C} folder moved successfully.
C:\Users\Mike\AppData\Local\{EC338650-AE5B-4932-A51D-8937A35932DD} folder moved successfully.
C:\Users\Mike\AppData\Local\{2D7003B2-DD1F-41A4-A5D6-4D1D96F3F9D3} folder moved successfully.
C:\Users\Mike\AppData\Local\{B6CE6441-CBF2-4C4B-8B10-D2CBE7234DAE} folder moved successfully.
C:\Users\Mike\AppData\Local\{C5CE7803-1056-4421-81D2-3F8FC85809E0} folder moved successfully.
C:\Users\Mike\AppData\Local\{071AE803-920B-4CF4-966D-D4C1B29E1870} folder moved successfully.
C:\Users\Mike\AppData\Local\{441D890F-1ADE-4D8F-9BC8-477010F0E3F0} folder moved successfully.
C:\Users\Mike\AppData\Local\{B193E23A-CD0C-4907-B625-16CCF17E520F} folder moved successfully.
C:\Users\Mike\AppData\Local\{73CB1743-6163-4C36-B604-21FC0239686A} folder moved successfully.
C:\Users\Mike\AppData\Local\{A6862825-D7D7-4DAB-B276-72669B5F7EB2} folder moved successfully.
C:\Users\Mike\AppData\Local\{ABDB1380-A90E-40E2-898C-D4F28FDD5519} folder moved successfully.
C:\Users\Mike\AppData\Local\{13785D45-C569-44A2-8C47-D9BB02F3C630} folder moved successfully.
C:\Users\Mike\AppData\Local\{9E80FEFB-8D7B-4E6B-8207-07CF3859B079} folder moved successfully.
C:\Users\Mike\AppData\Local\{7D9FD54A-0E03-4C18-A469-05C147AB7C75} folder moved successfully.
C:\Users\Mike\AppData\Local\{96599E0C-9C59-415F-83F7-A888F0286D7E} folder moved successfully.
C:\Users\Mike\AppData\Local\{174DA1C0-5125-4853-AF9B-09AD900512A0} folder moved successfully.
C:\Users\Mike\AppData\Local\{59C48BEA-C608-43A3-88CA-95137A319233} folder moved successfully.
C:\Users\Mike\AppData\Local\{46CA75E5-7C57-429B-B28D-7984F4C5D300} folder moved successfully.
C:\Users\Mike\AppData\Local\{771E7C96-AA89-407F-9BAE-2079E3B3479D} folder moved successfully.
C:\Users\Mike\AppData\Local\{B04750A4-0429-41DB-94C6-AC0BACBFA47F} folder moved successfully.
C:\Users\Mike\AppData\Local\{D65B51FE-357E-494D-9E5F-D58E648C2658} folder moved successfully.
C:\Users\Mike\AppData\Local\{C75DE5DD-A362-48A9-A63E-28533788B8A8} folder moved successfully.
C:\Users\Mike\AppData\Local\{B65ECC59-866B-4A3F-BE7E-C9EDE1DD1FC5} folder moved successfully.
C:\Users\Mike\AppData\Local\{7C26AB20-615B-458D-BB13-4BB3A2A0D220} folder moved successfully.
C:\Users\Mike\AppData\Local\{CD8D0CA3-F894-49D9-94A0-CE981FFF7EA9} folder moved successfully.
C:\Users\Mike\AppData\Local\{CF4B2485-8CD3-4206-9ACF-439A62AD3087} folder moved successfully.
C:\Users\Mike\AppData\Local\{A7A06682-89D6-4744-BC96-DB0279FF6900} folder moved successfully.
C:\Users\Mike\AppData\Local\{4D4E3C14-E491-4654-AF4E-AB16A0535763} folder moved successfully.
C:\Users\Mike\AppData\Local\{21D94AE1-958A-4A48-8CF3-E57ED958FDCF} folder moved successfully.
C:\Users\Mike\AppData\Local\{5A8C5B01-0089-4242-8AEC-77572F2B10B2} folder moved successfully.
C:\Users\Mike\AppData\Local\{6DF5DB4D-0BAB-4532-8ED1-7D3421955A2B} folder moved successfully.
C:\Users\Mike\AppData\Local\{5334B3A9-9A14-4B34-AD4D-74C9001EF7D0} folder moved successfully.
C:\Users\Mike\AppData\Local\{E3C11369-B2C1-459E-A947-78B82C0F8A31} folder moved successfully.
C:\Users\Mike\AppData\Local\{B55620E5-774D-4C3C-918C-86CEB761AB4F} folder moved successfully.
C:\Users\Mike\AppData\Local\{F4D8B800-3B67-4B0E-A4D8-B8B20A08E92E} folder moved successfully.
C:\Users\Mike\AppData\Local\{E888BD6F-4360-446D-A76D-F1F0DCF24A8D} folder moved successfully.
C:\Users\Mike\AppData\Local\{577F163D-3C0D-4871-B510-E3CC4361C401} folder moved successfully.
C:\Users\Mike\AppData\Local\{07DFCC61-F312-4F16-B282-9B5A88589030} folder moved successfully.
C:\Users\Mike\AppData\Local\{622FC7EA-AB49-4957-A34F-8C0F0F09D388} folder moved successfully.
C:\Users\Mike\AppData\Local\{53EDAA21-CDDF-45E9-A7C3-F45C925C979D} folder moved successfully.
C:\Users\Mike\AppData\Local\{29FE0FFB-C4B8-4C7E-8EC0-9A7A7385DAED} folder moved successfully.
C:\Users\Mike\AppData\Local\{E1E7176C-C626-405A-92A3-228EA7467FC3} folder moved successfully.
C:\Users\Mike\AppData\Local\{5376C1DC-4526-47E9-8DAA-5B20D4A3C00F} folder moved successfully.
C:\Users\Mike\AppData\Local\{9EED1E65-7747-4BE0-ACD3-F89DAD53E037} folder moved successfully.
C:\Users\Mike\AppData\Local\{91187A56-212A-41ED-B42F-891F68FC4BE5} folder moved successfully.
C:\Users\Mike\AppData\Local\{0422C965-3F01-42AF-9982-B6742B1D4255} folder moved successfully.
C:\Users\Mike\AppData\Local\{AE2718D7-938D-43E3-94FB-EEAD72439795} folder moved successfully.
C:\Users\Mike\AppData\Local\{38301210-10A4-4152-8F37-56AA4828D6E4} folder moved successfully.
C:\Users\Mike\AppData\Local\{719D67E9-AB0E-4416-A98C-0D6350E298F7} folder moved successfully.
C:\Users\Mike\AppData\Local\{689EC1CE-DAF1-4A3B-83F5-C1400391277C} folder moved successfully.
C:\Users\Mike\AppData\Local\{6D4BD07F-53CA-4097-A927-072D5B21627C} folder moved successfully.
C:\Users\Mike\AppData\Local\{8DC350F6-1991-4490-866C-8D673B0AAB88} folder moved successfully.
C:\Users\Mike\AppData\Local\{05C412AD-D317-4497-8EAC-14503DA6F66D} folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 33027123 bytes
->Temporary Internet Files folder emptied: 20990911 bytes
->Java cache emptied: 6176530 bytes
->FireFox cache emptied: 61325518 bytes
->Flash cache emptied: 827 bytes

User: Public

User: TEMP
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 7812 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97889 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 4909094 bytes

Total Files Cleaned = 121.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09192011_210843

Files\Folders moved on Reboot...
File move failed. D:\OblivionLauncher.exe scheduled to be moved on reboot.
File move failed. C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Mike\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
C:\Users\UpdatusUser\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...

Re: Google -- and other search engine -- redirect

Unread postby lycophidion » September 19th, 2011, 10:30 pm

And here's the log from SystemLook:
-----
SystemLook 30.07.11 by jpshortstuff
Log created at 22:16 on 19/09/2011 by Mike
Administrator - Elevation successful

========== filefind ==========

Searching for "mmswsock.dll"
No files found.

-= EOF =-
-----
However, I am unable to disable my antivirus and antimalware programs. The link to Trend Micro is dead, and the instructions for Prevx don't match the version I have. There is no selection for "open management console."

Re: Google -- and other search engine -- redirect

Unread postby lycophidion » September 19th, 2011, 10:55 pm

Ok, Gary, last try for tonight. Scratch the last bit about disabling the antiviruses. But, I couldn't get ESET to run. First, I got a message, "Another antivirus software was detected. This may affect the performance and quality of the scan." The antivirus listed was Windows Defender. However, when I checked, it was (and has been) turned off. Next, the virus signature database wouldn't download: "Can not get update. Is proxy configured?" was the message I got.

Thanks,
Mike

Re: Google -- and other search engine -- redirect

Unread postby Gary R » September 20th, 2011, 1:57 am

A few more things to do ....

First

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - mmswsock.dll File not found

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Since you're having problems with E-Set ....

Download Kaspersky Virus Removal Tool to your Desktop.
  • Run the programme you have just downloaded (it will be randomly named).
  • Click the cog in the upper right.

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

  • Allow Virus Removal Tool to delete all infections found
  • Once it has finished select report tab (last tab)
  • Select Detected threats report from the left and press Save button
  • Save it to your desktop and attach to your next post

Summary of the logs I need from you in your next post:
  • Latest OTL log
  • Kaspersky log
  • Let me know if you're still being re-directed.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Re: Google -- and other search engine -- redirect

Unread postby lycophidion » September 20th, 2011, 12:16 pm

Ok, here's that OTL log...
-----
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 09202011_114813
-----

In the end, I got E-Set to work, simply by running it with internet explorer. This is the log:
-----
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=0
esets_scanner_update returned -1 esets_gle=0
-----

I've tried Kaspersky previously, with no effect, but here goes with your settings.... It will take 8 hours, so I'll post when I get results!

Mike
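
A fix log is worth comparing against what the fix script asked for. The following is an added example (not part of the thread and not OTL's own code) that reconciles the O10 fix lines with the "deleted successfully" lines in the formats shown above. The function and field names are assumptions, and the sample log is constructed with one entry left out so the mismatch is visible.

```python
import re

# Line shapes as they appear in this thread's OTL script and fix log only.
SCRIPT_RE = re.compile(
    r"^O10:64bit:\s+-\s+(\w+)\\Catalog_Entries\\(\d+)\s+-\s+(.+?)(\s+File not found)?\s*$")
LOG_RE = re.compile(
    r"^64bit-Registry key .*\\(\w+)\\Catalog_Entries\\(\d+)\\ deleted successfully\.\s*$")

def parse_script(text):
    """Map (catalog, entry id) -> (provider DLL, True if flagged 'File not found')."""
    wanted = {}
    for line in text.splitlines():
        m = SCRIPT_RE.match(line.strip())
        if m:
            wanted[(m.group(1), m.group(2))] = (m.group(3), m.group(4) is not None)
    return wanted

def parse_log(text):
    """Return the (catalog, entry id) pairs the fix log confirms as deleted."""
    matches = (LOG_RE.match(line.strip()) for line in text.splitlines())
    return {(m.group(1), m.group(2)) for m in matches if m}

def reconcile(script_text, log_text):
    """Compare what the fix script requested with what the log confirms."""
    wanted, deleted = parse_script(script_text), parse_log(log_text)
    return {
        "providers": sorted({dll for dll, _ in wanted.values()}),
        # Entries queued for deletion although the DLL was not reported missing.
        "not_reported_missing": sorted(k for k, (_, gone) in wanted.items() if not gone),
        "not_confirmed": sorted(set(wanted) - deleted),
        "unrequested": sorted(deleted - set(wanted)),
    }

# First three fix lines from the thread.
SCRIPT = r"""
:OTL
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
"""
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
# Constructed log: entry 000000000003 is deliberately left out.
LOG = "\n".join(
    "64bit-Registry key %s\\Protocol_Catalog9\\Catalog_Entries\\%s\\ deleted successfully."
    % (KEY, n) for n in ("000000000001", "000000000002"))

if __name__ == "__main__":
    for field, value in reconcile(SCRIPT, LOG).items():
        print(field, value)
```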

Re: Google -- and other search engine -- redirect

Unread postby lycophidion » September 21st, 2011, 12:44 am

We have a slight problem. I ran Kaspersky, and there were indeed infections -- detected and cleaned. However, when the program rebooted the computer, I could no longer access the internet. The network connection is there, but -- the browsers can't access it.

Mike

Re: Google -- and other search engine -- redirect

Unread postby Gary R » September 21st, 2011, 1:39 am

Can you post the log that Kaspersky produced please, that way I can see what it removed and hopefully be able to resolve your connection problem.

Do you get any error messages when you try to connect, if so please note them down and let me know what they are.

Is your connection problem specific to one browser, or have you tried more than one without success ?

Re: Google -- and other search engine -- redirect

Unread postby lycophidion » September 21st, 2011, 7:09 pm

I don't think I can post the full Kaspersky log -- the textfile is huge -- 77 mb!

The problem with my connectivity: It's both of my browsers, IE and Firefox. On Firefox, it's "Firefox can't find the server at ..." On IE, "Internet Explorer cannot display the webpage." Strange thing is I just downloaded a Windows service pack.

M.

Re: Google -- and other search engine -- redirect

Unread postby Gary R » September 22nd, 2011, 1:14 am

OK try the following to see if it restores your connection .....

  • Click Start
  • In the Search Programs and Files box type cmd
  • Right click on cmd.exe (at the top of the found programs list) and select Run as Administrator
  • OK any prompt
  • A command window will open.
  • Type netsh winsock reset and hit Enter.
  • You should get the following message .... successfully reset the Winsock Catalogue .... You must restart the computer in order to complete the reset.
  • Now type ipconfig /flushdns
  • You should get a message .... Windows IP configuration .... Successfully flushed the DNS Resolver Cache
  • Exit the Command Window.

Now reboot your computer

Let me know if you can now access the Internet.