Internet Redirection on search result links


Re: Internet Redirection on search result links

Post by Marino » April 22nd, 2010, 1:11 pm

I can see redirections again:

This is what happens:

Google search for "Internet redirect"

The first hit should be a link to:
http://forums.techguy.org/malware-remov ... t-bug.html
but it goes to:
http://www.upliftsearch.com/?keyword=in ... d=utr_2507
when I press "back" it goes to:
http://www.google.ca/search?q=Internet+ ... lwev9qW6Dw

Second link should be to:
http://www.daniweb.com/forums/thread110569.html
but it goes via:
http://www.gneiarotohng.com/search.php? ... 1271955347
to:
http://kc.mv.bidsystem.com/bin/findwhat ... ao4TWZS;pq
and the second time I click on it, to:
http://btcar.com/Internet+redirect.cfm?pt=2&rpt=1&kt=1
when I press back it shows:
http://www.google.ca/search?q=Internet+ ... lwev9qW6Dw
--------------------------------------------------------

Validation for the program:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-J8BM6-MXPH6-3R2BW
Windows Product Key Hash: YMRVitCEjlJfwDQfjDvm97FbWA4=
Windows Product ID: 76477-OEM-2111907-00103
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {5DC4EE0E-C1F5-4277-904B-D0D07BBECE21}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:Gateway, Inc|12F3C:GENUINE C&C INC
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A

Re: Internet Redirection on search result links

Post by askey127 » April 22nd, 2010, 2:32 pm

Marino,
Time to go hunting some "legitimate" programs, and things that are correcting our changes.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Microsoft Choice Guard
Tabbed Browsing (Windows Live Toolbar)
OneCare Advisor (Windows Live Toolbar)
Viewpoint Media Player
MSRedist
MioMore Desktop 2008
Eusing Free Registry Cleaner

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Perform the download for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine
---------------------------------------------
Run a Short Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • In the Modules frame, check None
  • In The Drivers Frame, check None
  • In The Extra Registry Frame, check None
  • In the Frame labeled "Files Created Within", check None
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.

Let me know what was not found and any that refused to Uninstall.
askey127

Re: Internet Redirection on search result links

Post by Marino » April 22nd, 2010, 4:01 pm

Hi

The results from the uninstall:

Microsoft Choice Guard NOT FOUND
Tabbed Browsing (Windows Live Toolbar) NOT FOUND
OneCare Advisor (Windows Live Toolbar) NOT FOUND
Viewpoint Media Player REMOVED
MSRedist NOT FOUND
MioMore Desktop 2008 REMOVED (Ahhh... I can reinstall it later if necessary, but I haven't used it for 6 months)
Eusing Free Registry Cleaner REMOVED

I also tried to remove Torrent, but we moved it before (so how do I uninstall it now?).

I ran the Norton removal tool. This was a relic and I uninstalled it a long time ago, but apparently there were some leftover registry values. I did not find it in Add/Remove Programs.

I ran OTL.exe.

a) Extras.txt was not created.
b) Avira posted a window once saying that D:\Autorun.inf was blocked for security reasons.
c) File age in OTL.exe was set to 30 days.

---------------------OTL.txt
OTL logfile created on: 4/22/2010 3:49:37 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 21.22 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.17% Space Free | Partition Type: FAT32
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARINO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 17:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/05/26 20:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/11 09:41:56 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [On_Demand | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/22 08:07:15 | 000,610,419 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16151 more lines...
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: TradingMarkets PowerRatings Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : TradingMarkets PowerRatings Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} https://support.gateway.com/eSupport/st ... javx86.exe (Microsoft VM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5669409484 (WUWebControl Class)
O16 - DPF: {7F4824E8-21D1-4A62-BD34-AB670833DFB6} http://download.microsoft.com/download/ ... upd806.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\Shell - "" = AutoRun
O33 - MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d36804ae-ad60-11de-aee2-00032522eb1b}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files - Modified Within 30 Days ==========

[2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 15:41:28 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 15:40:53 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\sgnfsfz.job
[2010/04/22 15:40:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 15:40:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 15:40:45 | 1576,456,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 15:39:15 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/22 15:39:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/22 15:32:46 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/22 15:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/22 13:02:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/04/22 11:50:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/04/22 07:57:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme.reg
[2010/04/21 19:52:01 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme-first.reg
[2010/04/21 13:12:47 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 11:51:12 | 000,097,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 11:34:05 | 000,000,789 | -H-- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 11:25:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 11:25:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/21 10:53:39 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DesignPro.lnk
[2010/04/21 10:43:06 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/04/21 07:54:05 | 000,006,824 | -H-- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/04/19 17:20:05 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/04/19 11:12:52 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/04/18 15:52:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010/04/17 17:24:52 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 17:13:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 16:43:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 12:04:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/12 13:51:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 08:32:54 | 000,000,497 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 16:09:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/08 16:41:20 | 000,071,680 | RHS- | M] () -- C:\WINDOWS\System32\kbdsly.dll
[2010/04/08 13:30:10 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 09:13:25 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/04/02 08:29:19 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/02 08:29:18 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/02 08:29:18 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
< End of report >

Re: Internet Redirection on search result links

Post by askey127 » April 22nd, 2010, 4:56 pm

Marino,
Go to Start, Run
Copy the following line into the 'Open' field:
msiexec /x {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
OK
-----------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the entire content of the following Code box:
    :OTL
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O9 - Extra Button: TradingMarkets PowerRatings Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : TradingMarkets PowerRatings Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - Reg Error: Key error. File not found
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (Reg Error: Key error.)
    O16 - DPF: {7F4824E8-21D1-4A62-BD34-AB670833DFB6} http://download.microsoft.com/download/ ... upd806.exe (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\Shell - "" = AutoRun
    O33 - MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d36804ae-ad60-11de-aee2-00032522eb1b}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
    [2010/04/22 15:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/04/22 15:40:53 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\sgnfsfz.job
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Post by Marino » April 22nd, 2010, 6:02 pm

Running msiexec /x {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}, I had a message "valid for products already installed".

Please note that there are 2 log files that came up after running OTL; one right after the reboot and the other one after I ran the OTL quick scan.


This popped up right after the reboot:
----------------------------------------

All processes killed
========== OTL ==========
No active process named SeaPort.exe was found!
Service SeaPort stopped successfully!
Service SeaPort deleted successfully!
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
File move failed. C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
C:\Program Files\Windows Live\Toolbar\wltcore.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Starting removal of ActiveX control {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Starting removal of ActiveX control {7F4824E8-21D1-4A62-BD34-AB670833DFB6}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CB50428B-657F-47DF-9B32-671F82AA73F7}
C:\WINDOWS\Downloaded Program Files\pxplay.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
File F:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d36804ae-ad60-11de-aee2-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d36804ae-ad60-11de-aee2-00032522eb1b}\ not found.
File F:\WDSetup.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\tasks\sgnfsfz.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 26218654 bytes
->Temporary Internet Files folder emptied: 112358967 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2070 bytes

User: ScanSoft Documents

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.00 mb


OTL by OldTimer - Version 3.2.2.0 log created on 04222010_174621

Files\Folders moved on Reboot...
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF1C3D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5C4D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF6D7B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC24B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC263.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC2D6.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC2EE.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZZ5ZDTHP\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\60HQR4E6\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



And this is the log file after running OTL:
--------------------------------
OTL logfile created on: 4/22/2010 5:55:17 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 21.35 Gb Free Space | 30.08% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARINO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 17:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/05/26 20:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe


========== Modules (SafeList) ==========

MOD - [2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/11 09:41:56 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [On_Demand | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/10/21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/09/04 11:37:52 | 000,016,768 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2006/11/23 18:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006/10/09 18:58:14 | 000,006,400 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOWS\iprot\ec96264d-eafb-4055-a2bb-847f1c4d500c\PhysMem.sys -- (ec96264d-eafb-4055-a2bb-847f1c4d500c)
DRV - [2006/10/07 19:00:06 | 000,108,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2006/06/03 15:07:03 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2006/06/03 15:07:02 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2006/06/03 15:07:02 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/03 15:07:02 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/12 01:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 15:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 10:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 10:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/24 13:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/03/26 18:15:40 | 000,180,000 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/09/26 11:26:54 | 000,272,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2003/09/26 11:25:06 | 000,291,712 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/06/30 14:11:52 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/10/02 01:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/22 08:07:15 | 000,610,419 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16151 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} https://support.gateway.com/eSupport/st ... javx86.exe (Microsoft VM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5669409484 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 17:54:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/22 17:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/22 15:46:37 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 15:32:44 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/22 13:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/22 13:02:05 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/04/21 19:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 19:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Erunt
[2010/04/21 11:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/04/21 11:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2010/04/21 11:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/21 10:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\DesignPro
[2010/04/19 11:16:26 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/19 11:12:47 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/04/18 15:52:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/16 09:59:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/04/15 16:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/15 16:43:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/15 16:43:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 16:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 12:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/12 12:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/04/09 16:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/09 16:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/07 16:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater
[2010/04/03 09:13:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Dropbox
[2010/04/03 09:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/03/26 11:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2010/04/22 17:49:57 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 17:49:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 17:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 17:49:27 | 1576,456,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 17:48:26 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/22 17:48:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 15:32:46 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/22 13:02:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/04/22 11:50:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/04/22 07:57:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme.reg
[2010/04/21 19:52:01 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme-first.reg
[2010/04/21 13:12:47 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 11:51:12 | 000,097,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 11:34:05 | 000,000,789 | -H-- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 11:25:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 11:25:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/21 10:53:39 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DesignPro.lnk
[2010/04/21 10:43:06 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/04/21 07:54:05 | 000,006,824 | -H-- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/04/19 17:20:05 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/04/19 11:12:52 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/04/18 15:52:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010/04/17 17:24:52 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 17:13:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 16:43:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 12:04:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/12 13:51:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 08:32:54 | 000,000,497 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 16:09:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/08 16:41:20 | 000,071,680 | RHS- | M] () -- C:\WINDOWS\System32\kbdsly.dll
[2010/04/08 13:30:10 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 09:13:25 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/04/02 08:29:19 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/02 08:29:18 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/02 08:29:18 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/22 07:57:28 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fixme.reg
[2010/04/21 19:52:01 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fixme-first.reg
[2010/04/21 11:25:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 11:25:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/21 10:53:39 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DesignPro.lnk
[2010/04/21 10:43:04 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/04/19 17:20:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/04/18 15:51:54 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010/04/15 16:43:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 12:04:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/09 16:47:19 | 000,000,497 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 16:09:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/08 16:41:20 | 000,071,680 | RHS- | C] () -- C:\WINDOWS\System32\kbdsly.dll
[2010/04/03 09:13:25 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/02/23 16:47:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/11/04 15:53:17 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/11/02 21:14:13 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\calera.ini
[2009/11/01 17:05:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LineAudio.dll
[2009/07/06 13:59:03 | 000,233,569 | ---- | C] () -- C:\WINDOWS\System32\BayerConvert.dll
[2008/12/26 13:22:07 | 000,000,162 | -H-- | C] () -- C:\WINDOWS\VCDWizardDLL.INI
[2008/06/08 04:11:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PrintMaster.INI
[2008/05/16 14:08:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\dcmvwr.INI
[2008/03/22 15:16:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Dvm.INI
[2007/12/18 21:50:59 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2007/08/27 16:14:54 | 000,000,115 | -H-- | C] () -- C:\WINDOWS\iwatch.ini
[2007/03/29 17:09:48 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/12 17:55:00 | 000,001,419 | -H-- | C] () -- C:\WINDOWS\FORGE32.INI
[2006/11/17 17:31:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/16 17:32:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/07 19:00:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2006/10/03 22:16:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/03 22:16:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/27 16:59:34 | 000,006,824 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/27 13:36:32 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\VI2_SETUP.ini
[2006/04/25 11:46:06 | 000,000,049 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/24 14:20:18 | 000,000,084 | -H-- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/24 14:20:18 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/04/22 13:05:22 | 000,000,960 | -H-- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/04/22 13:05:18 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/04/22 13:05:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brwmark.ini
[2006/04/22 13:04:10 | 000,002,652 | -H-- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/04/22 12:45:26 | 000,001,644 | -H-- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/22 12:45:21 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2006/04/22 12:45:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2006/04/22 12:45:21 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2006/04/22 12:45:13 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/04/22 11:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/04/22 08:33:56 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/22 00:29:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/04/21 21:57:30 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/27 03:10:58 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 12:52:52 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003122_.tmp.dll
[2005/03/23 12:52:36 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003154_.tmp.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
< End of report >
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby Marino » April 22nd, 2010, 6:03 pm

Running msiexec /x {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}, I had a message: "valid for products already installed"

Please note that there are 2 log files that came up after running OTL: one right after the reboot, and the other one after I ran the OTL quick scan.


This popped up right after the reboot:
----------------------------------------

All processes killed
========== OTL ==========
No active process named SeaPort.exe was found!
Service SeaPort stopped successfully!
Service SeaPort deleted successfully!
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
File move failed. C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
C:\Program Files\Windows Live\Toolbar\wltcore.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}\ not found.
Starting removal of ActiveX control {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF}\ not found.
Starting removal of ActiveX control {7F4824E8-21D1-4A62-BD34-AB670833DFB6}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F4824E8-21D1-4A62-BD34-AB670833DFB6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CB50428B-657F-47DF-9B32-671F82AA73F7}
C:\WINDOWS\Downloaded Program Files\pxplay.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB50428B-657F-47DF-9B32-671F82AA73F7}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afb1bc-142b-11df-aff6-00032522eb1b}\ not found.
File F:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0480376-534d-11db-a783-00032522eb1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d36804ae-ad60-11de-aee2-00032522eb1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d36804ae-ad60-11de-aee2-00032522eb1b}\ not found.
File F:\WDSetup.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\tasks\sgnfsfz.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 26218654 bytes
->Temporary Internet Files folder emptied: 112358967 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2070 bytes

User: ScanSoft Documents

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.00 mb


OTL by OldTimer - Version 3.2.2.0 log created on 04222010_174621

Files\Folders moved on Reboot...
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF1C3D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF5C4D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF6D7B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC24B.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC263.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC2D6.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC2EE.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZZ5ZDTHP\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\60HQR4E6\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



And this is the log file after running OTL:
--------------------------------
OTL logfile created on: 4/22/2010 5:55:17 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.00 Gb Total Space | 21.35 Gb Free Space | 30.08% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.06 Gb Free Space | 30.17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARINO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/30 17:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 09:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/05/26 20:57:24 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwicon2k.exe


========== Modules (SafeList) ==========

MOD - [2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/11 09:41:56 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [On_Demand | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/10/21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/09/04 11:37:52 | 000,016,768 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2006/11/23 18:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006/10/09 18:58:14 | 000,006,400 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOWS\iprot\ec96264d-eafb-4055-a2bb-847f1c4d500c\PhysMem.sys -- (ec96264d-eafb-4055-a2bb-847f1c4d500c)
DRV - [2006/10/07 19:00:06 | 000,108,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2006/06/03 15:07:03 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2006/06/03 15:07:02 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2006/06/03 15:07:02 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/03 15:07:02 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/12 01:46:00 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 15:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 10:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 10:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/24 13:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/03/26 18:15:40 | 000,180,000 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003/09/26 11:26:54 | 000,272,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2003/09/26 11:25:06 | 000,291,712 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/06/30 14:11:52 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/10/02 01:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/18 01:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 01:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 01:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 01:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 01:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 00:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 00:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 00:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 00:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 00:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 00:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 00:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 00:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 00:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 00:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/22 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/04/22 08:07:15 | 000,610,419 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 16151 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} https://support.gateway.com/eSupport/st ... javx86.exe (Microsoft VM)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5669409484 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 17:54:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/22 17:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/22 15:46:37 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 15:32:44 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/22 13:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/22 13:02:05 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/04/21 19:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/21 19:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Erunt
[2010/04/21 11:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/04/21 11:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2010/04/21 11:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/21 10:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\DesignPro
[2010/04/19 11:16:26 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/19 11:12:47 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/04/18 15:52:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/16 09:59:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/04/15 16:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/15 16:43:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 16:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/15 16:43:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 16:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/13 12:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/12 12:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/04/09 16:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/09 16:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/07 16:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater
[2010/04/03 09:13:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Dropbox
[2010/04/03 09:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/03/26 11:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2010/04/22 17:49:57 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 17:49:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 17:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 17:49:27 | 1576,456,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 17:48:26 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/22 17:48:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/22 15:46:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 15:32:46 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Owner\Desktop\Norton_Removal_Tool.exe
[2010/04/22 13:02:09 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\MGADiag.exe
[2010/04/22 11:50:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/04/22 07:57:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme.reg
[2010/04/21 19:52:01 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fixme-first.reg
[2010/04/21 13:12:47 | 000,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/21 11:51:12 | 000,097,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/21 11:34:05 | 000,000,789 | -H-- | M] () -- C:\WINDOWS\win.ini
[2010/04/21 11:25:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 11:25:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/21 10:53:39 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DesignPro.lnk
[2010/04/21 10:43:06 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/04/21 07:54:05 | 000,006,824 | -H-- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/04/19 17:20:05 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/04/19 11:12:52 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2010/04/18 15:52:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010/04/17 17:24:52 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 17:13:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 16:43:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 12:04:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/12 13:51:14 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 08:32:54 | 000,000,497 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/04/09 16:09:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/08 16:41:20 | 000,071,680 | RHS- | M] () -- C:\WINDOWS\System32\kbdsly.dll
[2010/04/08 13:30:10 | 000,000,049 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 09:13:25 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/04/02 08:29:19 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/02 08:29:18 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/02 08:29:18 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/22 07:57:28 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fixme.reg
[2010/04/21 19:52:01 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fixme-first.reg
[2010/04/21 11:25:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/21 11:25:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/21 10:53:39 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DesignPro.lnk
[2010/04/21 10:43:04 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2010/04/19 17:20:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2010/04/18 15:51:54 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2010/04/15 16:43:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/13 12:04:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/04/09 16:47:19 | 000,000,497 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 16:09:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/04/08 16:41:20 | 000,071,680 | RHS- | C] () -- C:\WINDOWS\System32\kbdsly.dll
[2010/04/03 09:13:25 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/02/23 16:47:54 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/11/04 15:53:17 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/11/02 21:14:13 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\calera.ini
[2009/11/01 17:05:32 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LineAudio.dll
[2009/07/06 13:59:03 | 000,233,569 | ---- | C] () -- C:\WINDOWS\System32\BayerConvert.dll
[2008/12/26 13:22:07 | 000,000,162 | -H-- | C] () -- C:\WINDOWS\VCDWizardDLL.INI
[2008/06/08 04:11:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PrintMaster.INI
[2008/05/16 14:08:14 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\dcmvwr.INI
[2008/03/22 15:16:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Dvm.INI
[2007/12/18 21:50:59 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2007/08/27 16:14:54 | 000,000,115 | -H-- | C] () -- C:\WINDOWS\iwatch.ini
[2007/03/29 17:09:48 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/12 17:55:00 | 000,001,419 | -H-- | C] () -- C:\WINDOWS\FORGE32.INI
[2006/11/17 17:31:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/16 17:32:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/10/07 19:00:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys
[2006/10/03 22:16:52 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/03 22:16:52 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/08/27 16:59:34 | 000,006,824 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/27 13:36:32 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\VI2_SETUP.ini
[2006/04/25 11:46:06 | 000,000,049 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/04/24 14:20:18 | 000,000,084 | -H-- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/24 14:20:18 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/04/22 13:05:22 | 000,000,960 | -H-- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/04/22 13:05:18 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/04/22 13:05:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brwmark.ini
[2006/04/22 13:04:10 | 000,002,652 | -H-- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/04/22 12:45:26 | 000,001,644 | -H-- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/04/22 12:45:21 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2006/04/22 12:45:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2006/04/22 12:45:21 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2006/04/22 12:45:13 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/04/22 11:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/04/22 08:33:56 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/22 00:29:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/04/21 21:57:30 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2005/03/27 03:10:58 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,455 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/03/23 12:52:52 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003122_.tmp.dll
[2005/03/23 12:52:36 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003154_.tmp.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
< End of report >
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm
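The OTL log above lists every installed service (SRV) and driver (DRV) with its modification time, size, embedded company name, start type, run state, path and service name. The following is an added example, not part of Marino's post and not OTL's own code: a small Python parser for those lines plus the triage heuristics an analyst applies when reading such a log by eye (a binary with no embedded company name, a binary outside the usual system directories, a service named with a GUID, a user-mode service pointing at a .sys file, and whether a flagged item is currently running). The sample input is five lines copied from the log above. The list of expected directories is an assumption made for this example, and the flags are prompts for a human to look closer, not findings.

```python
import re
from dataclasses import dataclass, field

# One OTL "SRV -" or "DRV -" line, for example:
# DRV - [2006/10/07 19:00:06 | 000,108,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
OTL_LINE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[\w-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"\[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- "
    r"\((?P<name>[^)]*)\)"
    r"(?P<desc>.*)$"
)

# Where Windows XP services and drivers normally live.  Heuristic list chosen
# for this example; a path outside it is "worth a look", not proof of anything.
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\")

GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


@dataclass
class Entry:
    kind: str        # SRV (user-mode service) or DRV (kernel / file-system driver)
    timestamp: str   # file modification time as recorded by OTL
    size: int        # file size in bytes
    company: str     # embedded company name, "" when the binary carries none
    start: str       # Auto / On_Demand / System / Boot / Disabled
    status: str      # Running / Stopped
    path: str
    name: str        # service or driver name
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one SRV/DRV line; returns None for any other kind of OTL line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    state = [s.strip() for s in m["state"].split("|")]
    # SRV lines carry [Start | Status]; DRV lines carry [Type | Start | Status].
    start = state[-2] if len(state) >= 2 else ""
    status = state[-1]
    return Entry(
        kind=m["kind"],
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        start=start,
        status=status,
        path=m["path"],
        name=m["name"],
    )


def triage(entry):
    """Attach review hints to an entry.  Hints are prompts for a human, not verdicts."""
    flags = []
    if not entry.company:
        flags.append("no company name")
    if not entry.path.lower().startswith(EXPECTED_ROOTS):
        flags.append("unusual path")
    if GUID_RE.match(entry.name):
        flags.append("GUID-named service")
    if entry.kind == "SRV" and entry.path.lower().endswith(".sys"):
        flags.append("user-mode service running a .sys file")
    if flags and entry.status == "Running":
        flags.append("currently running")
    entry.flags = flags
    return entry


def triage_log(text):
    """Return only the SRV/DRV entries that picked up at least one hint."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            hits.append(entry)
    return hits


# Sample input: five lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
SRV - [2010/04/19 17:36:16 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2006/04/22 00:29:40 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
DRV - [2006/10/09 18:58:14 | 000,006,400 | ---- | M] (Systems Internals) [Kernel | System | Running] -- C:\WINDOWS\iprot\ec96264d-eafb-4055-a2bb-847f1c4d500c\PhysMem.sys -- (ec96264d-eafb-4055-a2bb-847f1c4d500c)
DRV - [2006/10/07 19:00:06 | 000,108,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV - [2008/10/21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name:40} {e.start}/{e.status:8} {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Run against the full log, the script reduces a few dozen SRV/DRV lines to the handful worth checking by hand (file hash, signer, what installed it); the unflagged Avira and Sony Ericsson entries in the sample drop out because they sit where expected, name a company, and match nothing else.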

Re: Internet Redirection on search result links

Unread postby askey127 » April 22nd, 2010, 9:21 pm

Marino,
We are beginning the large sledge hammer phase. How are things running?
I will be on travel until tomorrow afternoon; only intermittent connection (if any) until then.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 23rd, 2010, 7:55 am

I tried linking to links on the first page of Google search for "internet redirect" and have not had any instance of redirection. I will try it again every 3-4 hours and will report to you at the end of the day. Let me know if there is any other test you want me to do to make sure things are going all right.

I hope a "large sledge hammer" phase does not refer to what we are going to do to my Laptop because it surely scares the hell out of me :)

Best regards
Marino

UPDATE 1--------------------------------- 1:40 PM
Still works fine and I see no redirection. However I noticed something and I don't know if it is related to the changes we've made:
1. Cannot get on my page on msn.com ( set as home page ) and I cannot add any topics. Tells me to return later.
2. Google sponsor links do not work after the search. All other links work normally.

I installed WinPatrol and Scotty is ready to bark!
Best regards
Marino

UPDATE 2--------------------------------- 3:12 PM
Still works fine and I see no redirection.
Note:
3. Now, I cannot run Avira Antivirus when I press "Scan System Now". It works if I go to Manual. However "avscan" in task manager stays there even if I close Avira.
4. I see 2 x dllhost.exe files in the Task Manager under Processes that I did not see before.
Marino
Regular Member
 
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 24th, 2010, 8:07 am

Marino,
Not to worry about the "sledge hammer"
Evidently there were some links chosen at some point in time that allowed the redirects.
It appears they were protected by the Choice Guard that was installed with the browser and kept resetting.

As it is now, if Antivir doesn't behave, you can download its installer again and uninstall/re-install.

The machine looks OK from an infection standpoint. Don't be concerned about dllhost files in the processes.

You should install the new Java JRE that just came out.
------------------------------------------------------------
Older versions of Java have been vulnerable to malware infections in the past. It is important to install the newest version and make sure all older ones have been removed.
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 20 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------------
Let's see how the HijackThis log looks now:
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
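askey127's Java instructions above amount to a version check: the O16 lines in the OTL log show Java Plug-in 1.6.0_17 and the post asks for JDK 6 Update 20. The following is an added example, not part of the thread and not code from Sun or from either poster, that does that check from the log. It relies on how the Sun Java plug-in "family" CLSIDs encode the version in decimal digits ({CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} is 1.6.0_17, while {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} is a wildcard for the newest installed JRE), parses version strings such as 1.6.0_17 into tuples so they compare numerically (a plain string comparison puts 1.6.0_9 after 1.6.0_17), and reports which O16 entries are older than the target. The sample lines are copied from the log above; the target version 1.6.0_20 is taken from the post.

```python
import re

# Sun Java plug-in "family" CLSIDs encode the version in decimal digits:
#   {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}  ->  1.6.0_17
# The all-F form {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} is a wildcard that
# resolves to the newest installed JRE rather than to one specific version.
JAVA_FAMILY_CLSID = re.compile(
    r"\{CAFEEFAC-(?P<major>\d{4}|FFFF)-(?P<minor>\d{4}|FFFF)-(?P<update>\d{4}|FFFF)-ABCDEFFEDCBA\}",
    re.I,
)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# One O16 line as HijackThis/OTL print it: CLSID, download URL (may be elided), description.
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-F-]+\}) (?P<url>.*) \((?P<desc>[^)]*)\)$", re.I)


def parse_version(text):
    """'Java Plug-in 1.6.0_17' -> (1, 6, 0, 17).  Tuples compare numerically,
    so 1.6.0_9 < 1.6.0_17, which a plain string comparison gets wrong."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def decode_family_clsid(clsid):
    """Return the version tuple encoded in a Java family CLSID, 'latest' for
    the wildcard form, or None for any other CLSID."""
    m = JAVA_FAMILY_CLSID.fullmatch(clsid.strip())
    if not m:
        return None
    fields = (m["major"], m["minor"], m["update"])
    if any(f.upper() == "FFFF" for f in fields):
        return "latest"
    major = m["major"].lstrip("0") or "0"          # "0016" -> "16", read as 1.6
    return (int(major[0]), int(major[1:] or 0), int(m["minor"]), int(m["update"]))


def audit_o16(log_text, target="1.6.0_20"):
    """Find Java O16 entries and report which are older than the target JRE."""
    target_v = parse_version(target)
    findings = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if not m or "java" not in m["desc"].lower():
            continue
        installed = parse_version(m["desc"])
        findings.append({
            "clsid": m["clsid"].upper(),
            "clsid_version": decode_family_clsid(m["clsid"]),
            "installed": installed,
            "outdated": installed is not None and installed < target_v,
        })
    return findings


# Sample input: O16 lines copied verbatim from the OTL log posted above
# (the Flash entry is there to show that non-Java controls are skipped).
SAMPLE_O16 = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
"""

if __name__ == "__main__":
    for f in audit_o16(SAMPLE_O16):
        state = "OUTDATED" if f["outdated"] else "ok"
        print(f"{f['clsid']}  installed={f['installed']}  clsid={f['clsid_version']}  {state}")
```

The same decoding works on a fresh log after the update: a family CLSID ending in -0020- confirms 1.6.0_20 is registered, and any leftover -0017- entry points at an older plug-in that the uninstall missed.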

Re: Internet Redirection on search result links

Unread postby Marino » April 24th, 2010, 8:46 am

re: Java
Do you want me to uninstall all other versions of Java first (I guess using Add/Remove from Control Panel) before reinstalling it, or does the JRE installation automatically remove the older versions?

Thanks
Marino

Update 1:
I uninstalled Java but a considerable amount of files were left in the programs/java subdirectory. I moved all of them to my JUNK folder. Then I installed Java and Scotty barked on:
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jp2ssv.dll
I said Yes to both of them.

Report from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:59 PM, on 4/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://support.gateway.com/eSupport/st ... javx86.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5669409484
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 6956 bytes
Marino
Regular Member
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 25th, 2010, 7:10 am

Marino,
Good work. Java recently attempts to remove older versions, but your decisions were fine.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe,

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT(RESTART) Your Machine
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
About some of the programs you had installed:
Don't ever use any programs designed to "clean" or "optimize" the Registry.
The risk is great. The benefit is negligible.
An Example of What Can Happen

Virtually ALL toolbars are primarily for the benefit of the purveyors. Be very sure before you install one.

If you want a program like MioMore Desktop 2008, don't use the file sharing ability.
Like other file sharing programs, it will get your computer trashed from all the infected (planted) shared files.

You have done a good job working the corrections here, through a nasty collection of malware.
If you need additional help, or any further questions, please ask.
Otherwise, good luck.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
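The entries askey127 picks out of the log above (the two blank IE Search values, the Shell=Explorer.exe, line with its trailing comma, and the orphaned O24 component) can be checked mechanically. The script below is an added example for this page, not HijackThis code and not something the helper posted. Its sample log is copied from the log in the thread except for one "Search Page" line, which is constructed to show a hijacked value (search.example.net), and TRUSTED_HOSTS is an illustrative allow-list, not a Microsoft-published one.

```python
"""Triage a HijackThis log for the entry types fixed in this thread.

Added example (not HijackThis code, not posted by the helper). The rules mirror
what askey127 picked out by hand:
  * R0/R1 Internet Explorer start/search values that are blank, or that point at
    a host outside the short allow-list below
  * an F2 Winlogon Shell value that is anything but exactly Explorer.exe
    (Shell= is a comma-separated list of programs to launch at logon, so the
    trailing comma in "Explorer.exe," deserves a look)
  * O24 desktop components whose backing file is gone
"""
import re
from urllib.parse import urlparse

# Assumption: an illustrative allow-list of Microsoft default start/search hosts.
TRUSTED_HOSTS = {"go.microsoft.com", "www.msn.com", "my.msn.com"}

R_LINE = re.compile(r"^(R[01]) - (HK[A-Z]+)\\(.+?),(.+?) = ?(.*)$")
F2_LINE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
O24_LINE = re.compile(r"^O24 - Desktop Component .*\(no file\)$")

# Constructed sample: lines copied from the log in the thread, plus one made-up
# hijacked "Search Page" value (search.example.net) so a positive hit is shown.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/?q=
F2 - REG:system.ini: Shell=Explorer.exe,
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
"""


def triage(lines):
    """Return a list of (log_line, reason) for entries worth fixing or reviewing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            _kind, _hive, key, _name, value = m.groups()
            if "Internet Explorer" not in key:
                continue  # e.g. Internet Connection Wizard ShellNext: OEM value, not a hijack sign
            if not value:
                # A blank default (SearchAssistant/CustomizeSearch) is what HJT "Fix Checked" restores.
                findings.append((line, "empty value"))
            else:
                host = (urlparse(value).hostname or "").lower()
                if host not in TRUSTED_HOSTS:
                    findings.append((line, f"non-Microsoft host: {host}"))
            continue
        m = F2_LINE.match(line)
        if m:
            key, value = m.groups()
            # Anything after Explorer.exe in the Shell list is launched at logon too.
            if key == "Shell" and value.strip().lower() != "explorer.exe":
                findings.append((line, "Shell is not exactly Explorer.exe"))
            continue
        if O24_LINE.match(line):
            findings.append((line, "desktop component with no backing file"))
    return findings


def run_sample():
    """Triage the constructed sample log; used by the demo below."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for entry, why in run_sample():
        print(f"{why:40} {entry}")
```

Run it against a saved hijackthis.log by passing the file's lines to triage(); a line that shows up as "non-Microsoft host" is a review item (your own ISP or OEM page may be legitimate), while the empty-value and Shell findings are the ones the fix list above addresses.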

Re: Internet Redirection on search result links

Unread postby Marino » April 25th, 2010, 9:14 am

Hi,

I think YOU did a marvelous job, I was just following your instructions.

I did as you suggested.
Even with Limewire and Torrent I never had any shared files or folders enabled - same with MioMore.
I will now uninstall/remove all these logs and OTL, MGADiag etc. we installed and will try installing PACK 3.

There is only one "after effect" I see now and maybe you have an idea how to fix it:
- My Internet home page is "http://my.msn.com/"
- so when I click on Internet explorer it goes to my customized home page.
- Now it just tells me "Your request could not be processed at this time, please refresh this page or try again later." and I cannot add any page or content because it says "This operation could not be completed. Please try again later."
- However ! when I go to my hotmail and then click "home page" it does get to my home page properly.
- BUT when I click to home page again the same thing happens.

I don't think it is "myMSN" and if you have any ideas let me know.

Best of luck and once again many thanks for your time and effort.
Marino
Marino
Regular Member
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 25th, 2010, 2:45 pm

Marino,
Glad things are working for you.
Your "customized" msn home page settings for IE got wiped out in the cleaning, because I couldn't be sure it was what it said.
If you just go to www.msn.com again and choose to Customize your home page, I believe you will get a "new" www.my.msn.com.
I would suggest that you don't click on Make it my ONLY home page or you could get that ChoiceGuard back again, with its restrictions.
You can just use Tools, Internet Options in IE to set your home page to anything you want.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet Redirection on search result links

Unread postby Marino » April 25th, 2010, 8:56 pm

Roger that...I think that is all..

Thanks again !

Best regards
Marino
Marino
Regular Member
Posts: 24
Joined: April 13th, 2010, 12:01 pm

Re: Internet Redirection on search result links

Unread postby askey127 » April 26th, 2010, 7:04 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA