Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Grrrrr!

Started by HelpMeObiWan , Nov 04 2010 11:02 AM

  • Please log in to reply

#1
HelpMeObiWan
Posted 04 November 2010 - 11:02 AM

HelpMeObiWan

    New Member

  • Member
  • Pip
  • 1 posts
Good Day All,

Just putting up my OTL quick scans to join in the fun. I think I have the redirect issue on my laptop. I use google search end up at some porn site or a bogus site. Any help will be greatly appreciated.

Here are my logs.

OTL logfile created on: 11/4/2010 11:57:49 AM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\TLP\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 198.84 Gb Free Space | 69.43% Space Free | Partition Type: NTFS

Computer Name: TLP-PC | User Name: TLP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\TLP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\TLP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\82C6.tmp File not found
DRV:64bit: - (ipswuio) -- C:\Windows\SysNative\DRIVERS\ipswuio.sys File not found
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5D B0 31 0E 49 C4 B8 45 97 1A F1 C8 1A 5E 88 D5 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.10
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {54a9f0f8-343c-4d2f-bc43-033a0a526dfa}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/28 20:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 21:02:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 21:02:47 | 000,000,000 | ---D | M]

[2010/09/10 07:56:28 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Mozilla\Extensions
[2010/09/10 07:56:28 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/03 13:35:29 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions
[2010/09/24 16:26:37 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/10/10 11:01:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 00:17:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/10 08:18:08 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{54a9f0f8-343c-4d2f-bc43-033a0a526dfa}
[2010/09/10 10:27:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/26 08:29:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/17 20:43:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/22 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Mozilla\Firefox\Profiles\tb3htspn.default\extensions\[email protected]
[2010/10/28 21:03:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 13:35:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/12 13:35:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/28 17:10:22 | 000,424,222 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14622 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1440X900.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 11:51:13 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/04 11:23:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/04 10:27:56 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\TLP\Desktop\OTL.exe
[2010/11/03 08:58:34 | 000,000,000 | ---D | C] -- C:\Users\TLP\Documents\My Extracted Files
[2010/11/03 08:55:51 | 000,000,000 | ---D | C] -- C:\Users\TLP\AppData\Roaming\BitZipper
[2010/11/03 08:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitZipper
[2010/11/03 08:31:28 | 000,000,000 | ---D | C] -- C:\Users\TLP\Documents\DAOC
[2010/10/28 20:54:22 | 000,000,000 | ---D | C] -- C:\Users\TLP\AppData\Roaming\AVG10
[2010/10/28 20:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/28 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/28 20:43:15 | 000,000,000 | ---D | C] -- C:\Users\TLP\AppData\Roaming\GlarySoft
[2010/10/28 20:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/10/28 17:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/28 17:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/28 16:55:21 | 000,000,000 | ---D | C] -- C:\Users\TLP\Desktop\backups
[2010/10/25 10:43:53 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\TLP\Desktop\TDSSKiller.exe
[2010/10/13 08:12:18 | 000,000,000 | ---D | C] -- C:\Users\TLP\AppData\Roaming\EurekaLog
[2010/10/13 08:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2010/10/13 08:09:44 | 000,000,000 | ---D | C] -- C:\Users\TLP\Documents\Anti-Malware
[2010/10/12 23:14:54 | 000,000,000 | ---D | C] -- C:\Users\TLP\DoctorWeb
[2010/10/12 22:43:05 | 000,000,000 | ---D | C] -- C:\tdss_remover_latest
[2010/10/12 19:31:09 | 000,000,000 | ---D | C] -- C:\Users\TLP\AppData\Roaming\DaocTB
[2010/10/12 19:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAOC-Charplan
[2010/10/12 11:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/12 11:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/11 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/10/11 11:49:09 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[1 C:\Users\TLP\Desktop\*.tmp files -> C:\Users\TLP\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/04 11:50:00 | 003,902,849 | ---- | M] () -- C:\Users\TLP\Desktop\ComboFix.exe
[2010/11/04 11:38:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 11:38:05 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 11:30:48 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/11/04 11:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/04 11:30:22 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 11:13:55 | 000,287,041 | ---- | M] () -- C:\Users\TLP\Desktop\gmer.zip
[2010/11/04 11:12:51 | 000,000,000 | ---- | M] () -- C:\Users\TLP\defogger_reenable
[2010/11/04 10:28:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\TLP\Desktop\OTL.exe
[2010/11/04 09:16:50 | 098,331,948 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/28 20:53:32 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/28 20:53:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/28 20:53:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/28 20:44:51 | 000,017,201 | ---- | M] () -- C:\AVGInstLog.cab
[2010/10/28 20:40:31 | 000,000,995 | ---- | M] () -- C:\Users\TLP\Desktop\Glary Utilities.lnk
[2010/10/28 17:10:22 | 000,424,222 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/28 17:00:51 | 000,001,265 | ---- | M] () -- C:\Users\TLP\Desktop\Spybot - Search & Destroy.lnk
[2010/10/26 14:17:34 | 000,728,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/26 14:17:34 | 000,625,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/26 14:17:34 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/26 14:17:29 | 000,000,020 | ---- | M] () -- C:\Windows\D÷̣
[2010/10/25 09:50:38 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\TLP\Desktop\TDSSKiller.exe
[2010/10/18 12:14:52 | 000,201,980 | ---- | M] () -- C:\Windows\hpoins41.dat
[2010/10/16 21:52:45 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\agremove.exe
[2010/10/15 23:55:15 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/10/14 21:19:48 | 000,427,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/12 22:25:32 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2010/10/12 19:30:59 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\DAOC-Charplan.lnk
[2010/10/12 15:17:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010/10/12 11:56:46 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 11:48:04 | 000,000,036 | ---- | M] () -- C:\Users\TLP\AppData\Local\housecall.guid.cache
[1 C:\Users\TLP\Desktop\*.tmp files -> C:\Users\TLP\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 11:28:31 | 003,902,849 | ---- | C] () -- C:\Users\TLP\Desktop\ComboFix.exe
[2010/11/04 11:13:51 | 000,287,041 | ---- | C] () -- C:\Users\TLP\Desktop\gmer.zip
[2010/11/04 11:12:51 | 000,000,000 | ---- | C] () -- C:\Users\TLP\defogger_reenable
[2010/10/28 20:53:32 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/28 20:44:51 | 000,017,201 | ---- | C] () -- C:\AVGInstLog.cab
[2010/10/28 20:40:32 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/10/28 20:40:31 | 000,000,995 | ---- | C] () -- C:\Users\TLP\Desktop\Glary Utilities.lnk
[2010/10/28 17:00:51 | 000,001,265 | ---- | C] () -- C:\Users\TLP\Desktop\Spybot - Search & Destroy.lnk
[2010/10/26 14:17:28 | 000,000,020 | ---- | C] () -- C:\Windows\D÷̣
[2010/10/12 19:30:59 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\DAOC-Charplan.lnk
[2010/10/12 11:56:46 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 11:48:04 | 000,000,036 | ---- | C] () -- C:\Users\TLP\AppData\Local\housecall.guid.cache
[2010/09/10 08:20:54 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/20 12:14:15 | 000,000,017 | ---- | C] () -- C:\Users\TLP\AppData\Local\resmon.resmoncfg
[2010/08/09 08:57:36 | 000,009,236 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/08 12:29:48 | 000,000,003 | RH-- | C] () -- C:\ProgramData\LoJackNotifier.txt
[2010/05/11 21:50:06 | 000,000,032 | ---- | C] () -- C:\Windows\sctool55.INI
[2010/05/11 21:49:15 | 000,000,023 | ---- | C] () -- C:\Windows\PFW3.INI
[2010/05/11 21:49:13 | 000,000,017 | ---- | C] () -- C:\Windows\Averasell.ini
[2010/05/11 21:48:53 | 000,000,637 | ---- | C] () -- C:\Windows\retailer.ini
[2010/04/27 00:31:36 | 000,000,155 | ---- | C] () -- C:\Users\TLP\AppData\Roaming\BBMS_EXCEPTION.txt
[2010/03/15 16:47:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/03/15 16:12:48 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/03/15 16:12:48 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/20 10:11:26 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/10/19 12:55:35 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/18 14:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/08/04 12:01:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/04 00:22:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/31 11:31:53 | 000,000,000 | ---- | C] () -- C:\Users\TLP\AppData\Roaming\wklnhst.dat
[2009/07/28 15:25:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/07/28 03:14:04 | 000,002,039 | ---- | C] () -- C:\Users\TLP\AppData\Roaming\install.dat
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/08 22:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/03/15 15:08:11 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Absolute
[2010/10/28 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\AVG10
[2010/11/04 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\BitZipper
[2009/12/24 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Cogniview
[2010/10/12 19:47:34 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\DaocTB
[2010/03/15 15:08:11 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Electronic Arts
[2010/10/13 08:12:18 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\EurekaLog
[2010/10/28 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\GlarySoft
[2010/03/15 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\IObit
[2010/03/15 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\KSCraft
[2010/03/15 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\NetMeter
[2010/03/15 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Peachtree
[2010/04/27 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Research In Motion
[2010/03/15 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Template
[2010/03/15 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\TLP\AppData\Roaming\Thunderbird
[2010/11/04 11:30:48 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/10/08 11:00:36 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP