Firefox: Google Results Re-directed



#1
fshagan

Sometimes when I click a Google search result, I'm taken to a spam site, another search engine, or the fake "Windows Security Scanner" site that asks you to buy their malware. This happens every 5 - 10 links. I haven't had it happen at Bing, or when I use Chrome.

I have also had some corruption of email messages in Windows Live Mail 2011, where the program cannot find the text of the email message. I don't know if that's related or not.

I have tried updating and then doing full scans with Windows Defender, SuperAntiSpyware, SpyBot Search and Destroy, and MalwareBytes. No infections are found. I removed and reinstalled Firefox. I followed the guide here at http://www.geekstogo...ogle-redirects/ and it did not cure the problem. I have the various logs, but the linked forum post with instructions said to include just the OTL log. Thank you for any assistance you can give.

Here is the OTL log:


OTL logfile created on: 1/7/2011 10:52:32 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Frank\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.87 Gb Total Space | 502.46 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
Drive Z: | 678.63 Gb Total Space | 1160.55 Gb Free Space | 171.02% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 22:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2010/12/08 15:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Frank\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/06/16 13:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/11/13 03:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/25 10:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2009/08/28 09:39:02 | 004,439,760 | ---- | M] (RadioTime, Inc) -- C:\Program Files (x86)\RadioTime\mrt.exe
PRC - [2009/08/15 13:52:16 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/09 21:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/06 09:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/07/03 17:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 05:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 22:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/08/28 09:36:28 | 000,184,528 | ---- | M] (RadioTime, Inc) -- C:\Program Files (x86)\RadioTime\soundcap.dll
MOD - [2009/07/13 17:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 09:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 22:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 15:11:40 | 000,231,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2009/10/07 15:11:04 | 000,489,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV:64bit: - [2009/10/07 15:11:02 | 000,109,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 17:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 07:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 07:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/14 10:16:12 | 000,011,264 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 03:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/06 09:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 05:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/27 07:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2010/07/27 07:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 15:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/02/17 10:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 10:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/07 15:11:30 | 000,053,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/20 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/29 21:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...88v135w4881s246
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...88v135w4881s246

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...88v135w4881s246
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.frankhagan.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.frank.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Firefox\components [2011/01/06 21:04:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2011/01/06 21:04:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/17 21:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/04/04 12:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2010/01/26 02:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/04 12:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/25 18:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\45yjh84p.default\extensions
[2011/01/07 21:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions
[2010/12/30 02:14:36 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/01/05 18:46:20 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/10/14 18:51:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/25 21:50:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011/01/07 05:09:00 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/02 22:34:17 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/12/24 10:11:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 13:33:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/08 19:10:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/02 16:39:12 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\[email protected]
[2011/01/05 18:46:19 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default\extensions\[email protected]
[2010/01/25 21:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default_old\extensions
[2010/01/25 21:50:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default_old\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/25 21:50:51 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default_old\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/25 21:50:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\exxketsl.default_old\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/01/07 22:39:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKCU..\Run: [mciEventSched] C:\Users\Frank\AppData\Local\AppleCommsAgent\mciEventSched.DLL ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe File not found
O4 - HKCU..\Run: [RadioTime] C:\Program Files (x86)\RadioTime\mrt.exe (RadioTime, Inc)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkey.exe - Shortcut.lnk = C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f2feb483-b435-11df-ad1d-0025115ee68e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2feb483-b435-11df-ad1d-0025115ee68e}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/07 22:51:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/01/07 22:48:19 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\GooredFix Backups
[2011/01/07 22:39:44 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/07 22:36:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Frank\Desktop\GooredFix.exe
[2011/01/07 22:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\erunt
[2011/01/07 22:13:19 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTM.exe
[2011/01/07 20:25:02 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{24CD2564-89E4-4A4F-A071-390BE2C5CEA7}
[2011/01/06 21:04:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Mozilla
[2011/01/06 21:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox
[2011/01/06 21:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox
[2011/01/06 05:02:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\{44185EC4-6868-4576-A7A2-032A80CC9597}
[2011/01/06 03:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/06 03:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/06 03:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/06 02:59:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/01/01 15:50:51 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/01 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/01 15:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/01/01 15:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/01 15:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/30 14:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/12/30 14:11:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/23 10:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2010/12/23 10:35:01 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\iSkysoft iMedia Converter
[2010/12/23 10:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2010/12/23 10:34:39 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/12/23 10:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2010/12/19 16:32:38 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Corel Auto-Preserve
[2010/12/18 08:02:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Sling Media
[2010/12/18 07:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/18 07:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/16 00:19:17 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\AppleCommsAgent
[2010/12/15 20:45:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\.dia
[2010/12/15 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
[2010/12/15 20:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dia

========== Files - Modified Within 30 Days ==========

[2011/01/07 22:54:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 22:54:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/07 22:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2011/01/07 22:51:06 | 000,870,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/07 22:51:06 | 000,725,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/07 22:51:06 | 000,145,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/07 22:46:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/07 22:46:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/07 22:46:09 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/07 22:39:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/07 22:37:29 | 001,232,020 | ---- | M] () -- C:\Users\Frank\Desktop\tdsskiller.zip
[2011/01/07 22:36:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Frank\Desktop\GooredFix.exe
[2011/01/07 22:13:23 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTM.exe
[2011/01/07 21:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1846086038-3905015425-3072025081-1001UA.job
[2011/01/07 21:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/07 21:03:16 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1846086038-3905015425-3072025081-1001Core.job
[2011/01/07 20:07:01 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/06 21:04:43 | 000,001,897 | ---- | M] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/06 21:04:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/05 20:44:19 | 000,000,600 | ---- | M] () -- C:\Users\Frank\AppData\Local\PUTTY.RND
[2011/01/05 02:23:13 | 000,012,481 | ---- | M] () -- C:\Users\Frank\Desktop\Hosting-customers.xlsx
[2011/01/01 15:27:10 | 000,000,036 | ---- | M] () -- C:\Users\Frank\AppData\Local\housecall.guid.cache
[2010/12/30 21:44:26 | 000,007,598 | ---- | M] () -- C:\Users\Frank\AppData\Local\Resmon.ResmonCfg
[2010/12/30 19:59:43 | 000,146,113 | ---- | M] () -- C:\Users\Frank\Desktop\100_windows7_shortcuts.pdf
[2010/12/23 08:28:19 | 001,253,045 | ---- | M] () -- C:\Users\Frank\Desktop\AP Style 2009.pdf
[2010/12/21 08:25:53 | 000,696,494 | ---- | M] () -- C:\Users\Frank\Desktop\smf_members.csv
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/17 17:13:36 | 112,487,493 | ---- | M] () -- C:\Users\Frank\Desktop\Templates.zip
[2010/12/16 17:08:23 | 000,489,155 | ---- | M] () -- C:\Users\Frank\Desktop\Demand Studios Writer Welcome Packet.pdf
[2010/12/16 03:36:11 | 000,483,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/01/07 22:37:25 | 001,232,020 | ---- | C] () -- C:\Users\Frank\Desktop\tdsskiller.zip
[2011/01/06 21:04:43 | 000,001,897 | ---- | C] () -- C:\Users\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/06 21:04:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/05 02:23:12 | 000,012,481 | ---- | C] () -- C:\Users\Frank\Desktop\Hosting-customers.xlsx
[2011/01/01 15:27:10 | 000,000,036 | ---- | C] () -- C:\Users\Frank\AppData\Local\housecall.guid.cache
[2010/12/30 19:59:42 | 000,146,113 | ---- | C] () -- C:\Users\Frank\Desktop\100_windows7_shortcuts.pdf
[2010/12/23 10:34:45 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2010/12/23 10:34:39 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/12/23 10:34:39 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/12/23 08:28:34 | 001,253,045 | ---- | C] () -- C:\Users\Frank\Desktop\AP Style 2009.pdf
[2010/12/21 08:25:52 | 000,696,494 | ---- | C] () -- C:\Users\Frank\Desktop\smf_members.csv
[2010/12/17 17:12:11 | 112,487,493 | ---- | C] () -- C:\Users\Frank\Desktop\Templates.zip
[2010/12/16 17:08:22 | 000,489,155 | ---- | C] () -- C:\Users\Frank\Desktop\Demand Studios Writer Welcome Packet.pdf
[2010/09/16 21:37:45 | 000,007,598 | ---- | C] () -- C:\Users\Frank\AppData\Local\Resmon.ResmonCfg
[2010/09/08 17:27:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/07/27 07:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 07:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/06 21:32:20 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/06 21:23:14 | 000,018,432 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 21:22:04 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/05/26 19:58:19 | 000,010,733 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2010/04/12 22:11:44 | 000,000,263 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\mainhst.zgh
[2010/03/24 19:24:36 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2010/03/05 20:07:26 | 000,864,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/15 22:47:42 | 000,000,600 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\winscp.rnd
[2010/02/15 22:37:48 | 000,000,600 | ---- | C] () -- C:\Users\Frank\AppData\Local\PUTTY.RND
[2010/01/26 22:26:28 | 000,000,000 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\wklnhst.dat
[2010/01/25 20:36:24 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/01/25 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Acer
[2010/02/01 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Amazon
[2010/09/06 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\calibre
[2010/03/24 19:24:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Canon
[2010/05/13 21:19:16 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\dBpoweramp
[2010/09/25 09:59:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2010/01/30 19:08:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Easy Thumbnails
[2011/01/07 20:06:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\FileZilla
[2010/05/08 19:56:56 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ImgBurn
[2010/09/15 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Jumping Bytes
[2010/01/25 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Leadertech
[2010/06/28 05:33:28 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\M8 Software
[2010/03/04 18:09:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAGIX
[2010/04/05 17:40:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\mkvtoolnix
[2010/04/22 05:18:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mp3tag
[2010/03/05 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\NVD
[2010/07/14 21:53:19 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenDNS Updater
[2010/01/26 03:20:07 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OpenOffice.org
[2010/06/04 23:22:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\OverDrive
[2010/01/26 20:03:59 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\qliner
[2010/02/06 21:07:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\RootsMagic
[2010/06/24 22:26:24 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Serif
[2010/12/18 08:02:30 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Sling Media
[2010/04/23 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\SoftGrid Client
[2010/01/26 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2010/01/25 19:53:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ThumbGen
[2010/01/26 02:48:35 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Thunderbird
[2010/04/04 12:08:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010/03/05 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TP
[2010/02/02 06:58:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TrueCrypt
[2010/02/20 11:50:22 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/02/01 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Windows Home Server
[2010/10/20 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Windows Live Writer
[2010/03/07 22:49:00 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\www.nerdoftheherd.com
[2010/04/12 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ZipGenius
[2010/02/01 21:41:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\Frank-mediaAgg.job
[2010/10/14 02:26:02 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#2
fshagan

Hitman Pro identified the file mciEventSched.dll as malware and removed it. So far so good, it seems to have stopped the redirects.