I've had an annoying little Google/search engine redirect now for just over a week, it seems. I've tried various pieces of software, which have cleared off minor things like tracking cookies etc.; however, they are all now showing clean, but unfortunately my Google redirect problem still remains. I followed the steps in your guide to removing Google redirects here:-
http://www.geekstogo...ts-t267407.html
My GooredFix Log:-
GooredFix by jpshortstuff (08.01.10.1)
Log created at 23:25 on 04/04/2010 (Steve)
Firefox version 3.6.3 (en-GB)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:34 01/11/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [18:08 01/11/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:23 01/12/2009]
C:\Users\Steve\Application Data\Mozilla\Firefox\Profiles\8qxu66hx.default\extensions\
{73a6fe31-595d-460b-a920-fcc0f8843232} [18:18 04/04/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)
---------- Old Logs ----------
GooredFix[22.24.42_04-04-2010].txt
GooredFix[22.24.51_04-04-2010].txt
-=E.O.F=-
My TDSSKiller Log:-
23:25:58:187 2784 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
23:25:58:187 2784 ================================================================================
23:25:58:187 2784 SystemInfo:
23:25:58:187 2784 OS Version: 6.1.7600 ServicePack: 0.0
23:25:58:187 2784 Product type: Workstation
23:25:58:187 2784 ComputerName: STEVE-PC
23:25:58:188 2784 UserName: Steve
23:25:58:188 2784 Windows directory: C:\Windows
23:25:58:188 2784 Processor architecture: Intel x86
23:25:58:188 2784 Number of processors: 2
23:25:58:188 2784 Page size: 0x1000
23:25:58:189 2784 Boot type: Normal boot
23:25:58:189 2784 ================================================================================
23:25:58:192 2784 UnloadDriverW: NtUnloadDriver error 2
23:25:58:192 2784 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:25:58:344 2784 wfopen_ex: Trying to open file C:\Windows\system32\config\system
23:25:58:344 2784 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:25:58:344 2784 wfopen_ex: Trying to KLMD file open
23:25:58:344 2784 wfopen_ex: File opened ok (Flags 2)
23:25:58:358 2784 wfopen_ex: Trying to open file C:\Windows\system32\config\software
23:25:58:358 2784 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:25:58:358 2784 wfopen_ex: Trying to KLMD file open
23:25:58:359 2784 wfopen_ex: File opened ok (Flags 2)
23:25:58:364 2784 Initialize success
23:25:58:364 2784
23:25:58:364 2784 Scanning Services ...
23:25:59:074 2784 Raw services enum returned 450 services
23:25:59:084 2784
23:25:59:084 2784 Scanning Kernel memory ...
23:25:59:084 2784 Devices to scan: 2
23:25:59:084 2784
23:25:59:084 2784 Driver Name: USBSTOR
23:25:59:084 2784 IRP_MJ_CREATE : 90599A02
23:25:59:084 2784 IRP_MJ_CREATE_NAMED_PIPE : 82ABB537
23:25:59:084 2784 IRP_MJ_CLOSE : 90599A7A
23:25:59:084 2784 IRP_MJ_READ : 90599AF2
23:25:59:084 2784 IRP_MJ_WRITE : 90599AF2
23:25:59:084 2784 IRP_MJ_QUERY_INFORMATION : 82ABB537
23:25:59:084 2784 IRP_MJ_SET_INFORMATION : 82ABB537
23:25:59:084 2784 IRP_MJ_QUERY_EA : 82ABB537
23:25:59:084 2784 IRP_MJ_SET_EA : 82ABB537
23:25:59:084 2784 IRP_MJ_FLUSH_BUFFERS : 82ABB537
23:25:59:084 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 82ABB537
23:25:59:084 2784 IRP_MJ_SET_VOLUME_INFORMATION : 82ABB537
23:25:59:084 2784 IRP_MJ_DIRECTORY_CONTROL : 82ABB537
23:25:59:084 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 82ABB537
23:25:59:084 2784 IRP_MJ_DEVICE_CONTROL : 905995FE
23:25:59:084 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9058C656
23:25:59:084 2784 IRP_MJ_SHUTDOWN : 82ABB537
23:25:59:084 2784 IRP_MJ_LOCK_CONTROL : 82ABB537
23:25:59:084 2784 IRP_MJ_CLEANUP : 82ABB537
23:25:59:084 2784 IRP_MJ_CREATE_MAILSLOT : 82ABB537
23:25:59:084 2784 IRP_MJ_QUERY_SECURITY : 82ABB537
23:25:59:084 2784 IRP_MJ_SET_SECURITY : 82ABB537
23:25:59:084 2784 IRP_MJ_POWER : 905979BA
23:25:59:084 2784 IRP_MJ_SYSTEM_CONTROL : 9059488E
23:25:59:084 2784 IRP_MJ_DEVICE_CHANGE : 82ABB537
23:25:59:084 2784 IRP_MJ_QUERY_QUOTA : 82ABB537
23:25:59:084 2784 IRP_MJ_SET_QUOTA : 82ABB537
23:25:59:094 2784 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
23:25:59:094 2784
23:25:59:094 2784 Driver Name: nvstor32
23:25:59:094 2784 IRP_MJ_CREATE : 8A660B1C
23:25:59:094 2784 IRP_MJ_CREATE_NAMED_PIPE : 82ABB537
23:25:59:094 2784 IRP_MJ_CLOSE : 8A660BC1
23:25:59:094 2784 IRP_MJ_READ : 82ABB537
23:25:59:094 2784 IRP_MJ_WRITE : 82ABB537
23:25:59:094 2784 IRP_MJ_QUERY_INFORMATION : 82ABB537
23:25:59:094 2784 IRP_MJ_SET_INFORMATION : 82ABB537
23:25:59:094 2784 IRP_MJ_QUERY_EA : 82ABB537
23:25:59:094 2784 IRP_MJ_SET_EA : 82ABB537
23:25:59:094 2784 IRP_MJ_FLUSH_BUFFERS : 82ABB537
23:25:59:094 2784 IRP_MJ_QUERY_VOLUME_INFORMATION : 82ABB537
23:25:59:094 2784 IRP_MJ_SET_VOLUME_INFORMATION : 82ABB537
23:25:59:094 2784 IRP_MJ_DIRECTORY_CONTROL : 82ABB537
23:25:59:094 2784 IRP_MJ_FILE_SYSTEM_CONTROL : 82ABB537
23:25:59:094 2784 IRP_MJ_DEVICE_CONTROL : 8A660C66
23:25:59:094 2784 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A6304B1
23:25:59:094 2784 IRP_MJ_SHUTDOWN : 82ABB537
23:25:59:094 2784 IRP_MJ_LOCK_CONTROL : 82ABB537
23:25:59:094 2784 IRP_MJ_CLEANUP : 82ABB537
23:25:59:094 2784 IRP_MJ_CREATE_MAILSLOT : 82ABB537
23:25:59:094 2784 IRP_MJ_QUERY_SECURITY : 82ABB537
23:25:59:094 2784 IRP_MJ_SET_SECURITY : 82ABB537
23:25:59:094 2784 IRP_MJ_POWER : 8A630556
23:25:59:094 2784 IRP_MJ_SYSTEM_CONTROL : 8A660DB8
23:25:59:094 2784 IRP_MJ_DEVICE_CHANGE : 82ABB537
23:25:59:094 2784 IRP_MJ_QUERY_QUOTA : 82ABB537
23:25:59:094 2784 IRP_MJ_SET_QUOTA : 82ABB537
23:25:59:114 2784 C:\Windows\system32\DRIVERS\nvstor32.sys - Verdict: 1
23:25:59:114 2784
23:25:59:114 2784 Completed
23:25:59:114 2784
23:25:59:114 2784 Results:
23:25:59:114 2784 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
23:25:59:114 2784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:25:59:114 2784 File objects infected / cured / cured on reboot: 0 / 0 / 0
23:25:59:114 2784
23:25:59:114 2784 fclose_ex: Trying to close file C:\Windows\system32\config\system
23:25:59:114 2784 fclose_ex: Trying to close file C:\Windows\system32\config\software
23:25:59:114 2784 KLMD(ARK) unloaded successfully
Sadly, neither appears to have picked up the issue, and the redirect problem still occurs.
I have then moved on to your Malware and Spyware cleaning guide:-
http://www.geekstogo...uide-t2852.html
Malwarebytes log:-
Malwarebytes' Anti-Malware 1.44
Database version: 3890
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
04/04/2010 23:36:25
mbam-log-2010-04-04 (23-36-25).txt
Scan type: Quick Scan
Objects scanned: 106264
Time elapsed: 3 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER Log:-
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 00:11:17
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Steve\AppData\Local\Temp\uglcypob.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A03634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A03898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1C1A8
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OTL Logs:-
OTL logfile created on: 05/04/2010 00:17:02 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Steve\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 162.69 Gb Free Space | 54.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/05 00:12:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2010/04/02 13:59:00 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/02 13:59:00 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/17 16:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinService.exe
========== Modules (SafeList) ==========
MOD - [2010/04/05 00:12:50 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/04/02 13:59:00 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/09 15:13:53 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/07/17 16:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (SCM_Service)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC BB D0 B6 4B D2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 19:20:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 19:20:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/02 11:09:36 | 000,000,000 | ---D | M]
[2009/11/01 18:34:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/04/04 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu66hx.default\extensions
[2010/04/04 19:18:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu66hx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/03/23 22:16:27 | 000,001,820 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8qxu66hx.default\searchplugins\bing.xml
[2010/04/04 19:18:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 22:27:39 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 22:27:39 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 22:27:39 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 22:27:39 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20091105115744 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 03:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2010/04/04 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\GooredFix Backups
[2010/04/04 19:17:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/02 18:15:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/02 17:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/02 11:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/02 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/02 11:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/04/02 11:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/01 21:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/01 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/01 21:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/28 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Google
========== Files - Modified Within 14 Days ==========
[2010/04/05 00:18:06 | 004,194,304 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT
[2010/04/04 23:36:41 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/04 23:36:41 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/04 23:35:33 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/04 23:35:33 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/04 23:35:32 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/04 23:32:07 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 23:30:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/04 23:29:36 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/04 23:29:36 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\Yxxnpzr.job
[2010/04/04 23:29:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/04 23:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/04 23:29:28 | 2213,453,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 23:28:53 | 001,142,075 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/04/04 23:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/04 18:24:01 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/02 18:09:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/02 18:09:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/02 18:08:16 | 000,000,089 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/01 21:27:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/28 19:22:49 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2010/04/04 23:30:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/02 18:09:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/02 18:09:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/02 18:08:16 | 000,000,089 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/02 11:29:46 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/28 19:22:49 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/03/28 19:21:56 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/28 19:21:55 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 22:15:33 | 000,064,512 | RHS- | C] () -- C:\Windows\System32\InkEdp.dll
[2010/02/20 16:43:24 | 000,001,498 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2009/11/10 00:56:32 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2009/11/02 00:11:53 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/02 00:11:52 | 000,138,056 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\PnkBstrK.sys
[2009/11/01 18:04:05 | 004,194,304 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT
[2009/11/01 18:04:05 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/11/01 18:04:05 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/11/01 18:04:05 | 000,262,144 | -HS- | C] () -- C:\Users\Steve\ntuser.dat.LOG1
[2009/11/01 18:04:05 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/11/01 18:04:05 | 000,000,020 | -HS- | C] () -- C:\Users\Steve\ntuser.ini
[2009/11/01 18:04:05 | 000,000,000 | -HS- | C] () -- C:\Users\Steve\ntuser.dat.LOG2
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
========== LOP Check ==========
[2009/12/06 20:44:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/03/18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ICAClient
[2010/03/18 20:37:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Juniper Networks
[2009/11/01 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2009/11/27 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SumatraPDF
[2009/12/27 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ubisoft
[2010/04/01 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2010/04/04 23:30:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/27 09:08:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/04 23:29:36 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\Yxxnpzr.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
< MD5 for: NVRD32.SYS >
[2009/08/04 18:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) MD5=6F922993C8AA8BF555B0A8428AAB5731 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvrd32.sys
[2009/08/04 18:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) MD5=6F922993C8AA8BF555B0A8428AAB5731 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvrd32.sys
< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: NVSTOR32.SYS >
[2009/08/04 18:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys
[2009/08/04 18:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/16 22:15:33 | 000,064,512 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\InkEdp.dll
< %systemroot%\Tasks\*.job /lockedfiles >
[2010/04/04 23:29:36 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Yxxnpzr.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< End of report >
**OTL Extras
OTL Extras logfile created on: 05/04/2010 00:17:02 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Steve\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 162.69 Gb Free Space | 54.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STEVE-PC
Current User Name: Steve
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12520A80-8124-4630-A288-61B6BCDD94B3}" = IES VE-Ware/Toolkits
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{656C0E21-331E-11DF-81CE-005056806466}" = Google Earth
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A62F50D4-EED7-4417-A382-E89ABCF11BAC}" = SketchUp DWG Importer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Fraps" = Fraps (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PRO" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12750" = GRID
"Steam App 17410" = Mirror's Edge
"Steam App 24860" = Battlefield 2
"Steam App 35110" = Just Cause 2 Demo
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 590" = Left 4 Dead 2 Demo
"SumatraPDF" = Sumatra PDF reader
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16/03/2010 13:59:43 | Computer Name = Steve-PC | Source = VSS | ID = 8194
Description =
Error - 16/03/2010 14:46:42 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 33c Start
Time: 01cac538f1695508 Termination Time: 0 Application Path: C:\Windows\system32\NOTEPAD.EXE
Report
Id: 418b9529-312c-11df-9eca-00044b0081d7
Error - 16/03/2010 17:46:07 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Ecotect.exe, version: 2010.0.0.2, time
stamp: 0x00000000 Faulting module name: nvoglv32.DLL, version: 8.17.11.9621, time
stamp: 0x4b4c0709 Exception code: 0xc0000005 Fault offset: 0x006d3591 Faulting process
id: 0x5b0 Faulting application start time: 0x01cac54e67d45ca0 Faulting application
path: C:\Program Files\Autodesk\Ecotect Analysis 2010\Ecotect.exe Faulting module
path: C:\Windows\system32\nvoglv32.DLL Report Id: 53597bd0-3145-11df-9da6-00044b0081d7
Error - 16/03/2010 20:37:34 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PerfectGold.exe, version: 2.0.0.0, time
stamp: 0x4b93dafd Faulting module name: PerfectGold.exe, version: 2.0.0.0, time
stamp: 0x4b93dafd Exception code: 0xc0000005 Fault offset: 0x002bd969 Faulting process
id: 0x1348 Faulting application start time: 0x01cac569958208bc Faulting application
path: C:\Program Files\GEEdit2\PerfectGold.exe Faulting module path: C:\Program
Files\GEEdit2\PerfectGold.exe Report Id: 46c628ec-315d-11df-b2ae-941394bcd74a
Error - 17/03/2010 16:08:25 | Computer Name = Steve-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 17/03/2010 18:26:12 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GooredFix.exe, version: 2.0.0.679, time
stamp: 0x4b4786c3 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000008 Fault offset: 0x0007f49f Faulting process
id: 0xf8c Faulting application start time: 0x01cac620d00ed2f0 Faulting application
path: C:\Users\Steve\Downloads\GooredFix.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 176d6c10-3214-11df-9f97-afb23b8fd872
Error - 17/03/2010 20:02:43 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program SketchUp.exe version 7.1.6860.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1534 Start
Time: 01cac62890ec5f90 Termination Time: 30 Application Path: C:\Program Files\Google\Google
SketchUp 7\SketchUp.exe Report Id: 90b8c531-3221-11df-a039-a73e7d706d4e
Error - 20/03/2010 14:36:47 | Computer Name = Steve-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 26/03/2010 14:39:10 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e40 Start
Time: 01cacd111a3ceeec Termination Time: 12 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: dc0688d9-3906-11df-ae67-00044b0081d7
Error - 04/04/2010 18:24:44 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GooredFix.exe, version: 2.0.0.679, time
stamp: 0x4b4786c3 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0002fc47 Faulting process
id: 0x928 Faulting application start time: 0x01cad44598dd880c Faulting application
path: C:\Users\Steve\Downloads\GooredFix.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: de19dd6c-4038-11df-9687-00044b0081d7
[ System Events ]
Error - 04/04/2010 14:24:24 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:24:24 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:29:25 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:29:25 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:29:25 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:31:32 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:31:32 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 14:31:32 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
Error - 04/04/2010 18:30:46 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 04/04/2010 18:39:34 | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description =
< End of report >
If you can provide any help that'd be great! Many thanks for taking a look.
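The OTL output above is long, and the two sections a helper reads first are the `< MD5 for: ... >` blocks (do all copies of a boot-critical driver carry the same hash?) and the `/lockedfiles` blocks (what could OTL not hash at all, and with what attributes?). The script below is an added example, not part of Steve's post and not a feature of OTL itself; it parses those entry lines and prints the two kinds of lead. The function names (`parse_otl`, `hash_disagreements`, `unreadable_files`, `triage`) and the `Entry` class are my own, and the embedded sample is an excerpt copied from the log in the post rather than a constructed one.

```python
"""Triage the MD5 and locked-file sections of an OTL log (added example,
not OTL code). Reports (a) a file whose copies do not share one MD5 and
(b) a file OTL could not hash, flagging hidden+system attributes. Both are
leads for manual review, not verdicts."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL entry line: [date time | size | attrs | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[A-Z-]{4})\s*\|\s*[A-Z]\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>$")   # e.g. < MD5 for: ATAPI.SYS >

# Excerpt copied verbatim from the OTL log in the post above.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: NVSTOR32.SYS >
[2009/08/04 18:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys
[2009/08/04 18:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/16 22:15:33 | 000,064,512 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\InkEdp.dll
< %systemroot%\Tasks\*.job /lockedfiles >
[2010/04/04 23:29:36 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Yxxnpzr.job
< End of report >
"""


@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str            # OTL attribute column, e.g. "RHS-" or "----"
    company: str
    md5: Optional[str]    # None when OTL printed "Unable to obtain MD5"
    path: str

    @property
    def hidden_system(self) -> bool:
        # H = hidden, S = system in OTL's attribute column
        return "H" in self.attrs and "S" in self.attrs


def parse_otl(text: str) -> List[Entry]:
    """Return every entry line, tagged with the '< ... >' header it sits under."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # blank lines and free text are skipped
        md5 = m.group("md5")
        entries.append(Entry(
            section=section, timestamp=m.group("ts").strip(),
            size=int(m.group("size").replace(",", "")), attrs=m.group("attrs"),
            company=m.group("company"), md5=md5.upper() if md5 else None,
            path=m.group("path")))
    return entries


def hash_disagreements(entries: List[Entry]) -> Dict[str, Dict[str, List[str]]]:
    """'MD5 for: X' sections whose copies carry more than one distinct MD5."""
    by_section: Dict[str, Dict[str, List[str]]] = defaultdict(lambda: defaultdict(list))
    for e in entries:
        if e.section.startswith("MD5 for:") and e.md5:
            by_section[e.section][e.md5].append(e.path)
    return {s: dict(h) for s, h in by_section.items() if len(h) > 1}


def unreadable_files(entries: List[Entry]) -> List[Entry]:
    """Entries OTL could not hash (an open handle or a driver denying reads)."""
    return [e for e in entries if e.md5 is None]


def triage(text: str) -> List[str]:
    """Human-readable findings, one per line, for the two checks above."""
    entries = parse_otl(text)
    out: List[str] = []
    for section, hashes in hash_disagreements(entries).items():
        out.append(f"[HASH MISMATCH] {section}: {len(hashes)} distinct MD5s")
        for md5, paths in hashes.items():
            out.extend(f"    {md5}  {p}" for p in paths)
    for e in unreadable_files(entries):
        flag = " hidden+system" if e.hidden_system else ""
        out.append(f"[NO MD5]{flag} {e.attrs} {e.size} bytes {e.timestamp}  {e.path}")
    return out


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

Run against the excerpt, this prints one hash mismatch and two unreadable files. The mismatch is for nvstor32.sys, but the two hashes come from different subfolders of the NVIDIA package (`sataraid` versus `sata_ide`) with different timestamps, and the copy actually installed in `System32\drivers` matches the `sata_ide` copies and the DriverStore copy, which is the pattern of two separate driver builds rather than a patched file; the script reports it and leaves that judgement to the analyst. atapi.sys, the driver OTL hashes precisely because rootkits of that period patched it, agrees across all three locations. The two `[NO MD5] hidden+system` lines, a DLL in System32 and a scheduled task with a random-looking name, are the entries a helper on this thread would want examined next.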