Google Hijacker - Followed Other Threads Instructions & Nothing Wo


#1 DG82 (New Member, 1 posts)
I have looked at the other threads in this forum, followed the instructions that were suggested, and I can't seem to get rid of the Google redirect/hijacker. I have run OTL, ComboFix, Malwarebytes, TDSSKiller and other anti-spyware products, but nothing has worked. Below is my OTL scan file; if anyone has suggestions, please let me know. I appreciate the help.

OTL logfile created on: 11/21/2010 6:25:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 450.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.78 Gb Total Space | 39.26 Gb Free Space | 78.86% Space Free | Partition Type: NTFS

Computer Name: DELLLAPTOP | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/21 15:38:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe
PRC - [2010/10/27 01:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2005/09/09 23:19:34 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 15:38:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe
MOD - [2004/08/10 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Greg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/14 13:41:10 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 23:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 10:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 09:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 11:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/01/17 13:13:28 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2004/12/22 04:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/11/16 15:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/05 03:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/21 12:49:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/21 17:21:36 | 000,000,000 | ---D | M]

[2010/11/21 12:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2010/11/21 18:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\4urztxac.default\extensions
[2010/11/21 13:13:50 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\4urztxac.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/11/21 13:13:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\4urztxac.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/21 14:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\4urztxac.default\extensions\[email protected](2).com
[2010/11/21 17:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 17:35:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/21 17:35:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/21 15:40:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1290363485078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 17:38:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/21 17:23:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/11/21 17:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/21 17:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Malwarebytes
[2010/11/21 17:17:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/21 17:17:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/21 17:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/21 17:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/21 17:15:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/21 15:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/21 15:47:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/21 15:46:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/21 15:46:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/21 15:46:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/21 15:46:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/21 15:46:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/21 15:46:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/21 15:40:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/21 15:15:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/21 14:27:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/21 14:01:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/21 13:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\IObit
[2010/11/21 13:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/11/21 13:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Leadertech
[2010/11/21 13:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2010/11/21 13:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2010/11/21 13:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/11/21 13:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/11/21 13:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Logitech
[2010/11/21 13:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Logishrd
[2010/11/21 13:17:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Greg\UserData
[2010/11/21 13:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Macromedia
[2010/11/21 13:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Adobe
[2010/11/21 12:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\Temp
[2010/11/21 12:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\Google
[2010/11/21 12:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/21 12:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/21 12:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\Downloads
[2010/11/21 12:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/21 12:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\Mozilla
[2010/11/21 12:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Mozilla
[2010/11/21 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/21 12:43:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/11/21 12:38:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/11/21 12:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/21 12:28:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/11/21 12:23:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Greg\Application Data\Microsoft
[2010/11/21 12:23:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg\Application Data\Gtek
[2010/11/21 12:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Intel
[2010/11/21 12:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Identities
[2010/11/21 12:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Greg\Cookies
[2010/11/21 12:23:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg\SendTo
[2010/11/21 12:23:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg\Recent
[2010/11/21 12:23:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Greg\Application Data
[2010/11/21 12:23:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu
[2010/11/21 12:23:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\My Documents\My Pictures
[2010/11/21 12:23:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\My Documents\My Music
[2010/11/21 12:23:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\My Documents
[2010/11/21 12:23:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Favorites
[2010/11/21 12:23:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg\Templates
[2010/11/21 12:23:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg\PrintHood
[2010/11/21 12:23:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg\NetHood
[2010/11/21 12:23:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Greg\Local Settings
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\Sun
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\Musicmatch
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\CCWin
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2010/11/21 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}

========== Files - Modified Within 30 Days ==========

[2010/11/21 17:59:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2189746140-309025192-3698564571-1005UA.job
[2010/11/21 17:21:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/21 17:17:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/21 17:16:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 17:16:08 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 15:47:38 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/11/21 15:40:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/21 14:17:34 | 000,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/21 14:17:34 | 000,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/21 14:10:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/21 13:41:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/11/21 13:30:22 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/11/21 13:23:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/21 12:59:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2189746140-309025192-3698564571-1005Core.job
[2010/11/21 12:56:28 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Google Chrome.lnk
[2010/11/21 12:56:28 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/21 12:54:02 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/21 12:49:14 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/21 12:49:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/21 12:48:19 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/11/21 12:38:52 | 000,108,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/21 12:36:32 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/11/21 12:26:31 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/11/21 12:24:09 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/21 12:24:05 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Windows Media Player.lnk
[2010/11/21 12:24:03 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/21 12:23:41 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/21 12:20:53 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

========== Files Created - No Company Name ==========

[2010/11/21 17:17:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/21 15:47:38 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/11/21 15:47:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/21 15:46:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/21 15:46:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/21 15:46:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/21 15:46:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/21 15:46:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/21 13:57:13 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/21 13:41:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/11/21 13:30:22 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/11/21 12:59:13 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/21 12:56:28 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Google Chrome.lnk
[2010/11/21 12:56:28 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/21 12:54:16 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2189746140-309025192-3698564571-1005UA.job
[2010/11/21 12:54:15 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2189746140-309025192-3698564571-1005Core.job
[2010/11/21 12:54:02 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/21 12:49:14 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/21 12:49:14 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/21 12:26:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/21 12:24:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Windows Media Player.lnk
[2010/11/21 12:23:58 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/21 12:23:58 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Media Center.lnk
[2010/11/21 12:23:58 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/21 12:23:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/11/21 12:23:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/21 12:23:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2010/11/21 12:20:52 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2006/04/23 23:32:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/23 23:27:53 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/23 23:16:46 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/23 22:50:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/23 22:49:06 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:18:35 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/08/16 04:18:19 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/03 08:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/23 03:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/21 10:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 07:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/30 08:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

========== LOP Check ==========

[2010/11/21 14:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\IObit
[2010/11/21 13:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\Leadertech
[2010/11/21 17:21:19 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >