Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Rediect virus


  • This topic is locked This topic is locked

#1
gottarun451

gottarun451

    Member

  • Member
  • PipPip
  • 10 posts
Last week I went onto google, and realized that everything i click gets redirected. It really is annoying. The first night it started my computer went crazy, i quickly downloaded AGI anti virus from cnet. As soon as it was done downloading, my computer shut down. I started it in safe mode, ran AGI, and it works fine minus the whole google redirect thing. This also happened to my boyfriends computer last night. So if this works for me ill be doing his computer next. Thank you.

OTL logfile created on: 4/4/2011 1:01:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 151.30 Gb Free Space | 33.91% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 12:51:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/03/08 19:02:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/06/12 01:48:53 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/04 20:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/24 16:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/19 23:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 12:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 17:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/31 13:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 12:51:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/10 04:09:46 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/12/07 19:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/09/24 17:53:24 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/24 17:53:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/20 10:56:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/03 15:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/03 15:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/30 13:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 13:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 13:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/10/15 05:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/04 21:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/24 17:54:10 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/23 01:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/21 02:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 04:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 15:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 21:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 20:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/home.php? [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 32 3E A3 00 5B 2D F4 4C A4 A8 CD 6E 30 8B F8 15 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {f326e709-a974-4a6e-9dd0-fa986af0f20e}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:6.011.025.001
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/03/25 21:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/03/30 09:45:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/08 19:02:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/08 19:02:39 | 000,000,000 | ---D | M]

[2010/11/05 15:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/10/27 11:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/08/21 22:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/29 15:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm2gnw3z.default\extensions
[2011/03/25 20:41:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm2gnw3z.default\extensions\{f326e709-a974-4a6e-9dd0-fa986af0f20e}
[2010/11/05 15:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/30 09:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
[2011/03/25 21:42:12 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] File not found
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b7b3462-75e1-11df-b5e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b7b3462-75e1-11df-b5e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Unity
[2011/03/31 15:39:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CSS3PhotoGallery
[2011/03/30 09:46:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/26 00:14:41 | 000,796,176 | ---- | C] (MyWebSearch.com) -- C:\Program Files (x86)\Uninstall Fun Web Products.dll
[2011/03/25 23:54:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\AVG Security Toolbar
[2011/03/25 22:02:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/25 21:43:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/03/25 21:42:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/25 21:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/03/25 21:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/25 21:41:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/03/25 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/25 21:40:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/03/25 21:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/03/25 21:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/25 20:46:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Service
[2011/03/25 20:42:05 | 001,988,176 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\vsapint.sys
[2011/03/25 20:42:05 | 000,309,840 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2011/03/25 20:42:05 | 000,042,576 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2011/03/25 20:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro AntiVirus plus AntiSpyware
[2011/03/25 20:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/03/25 20:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/22 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2011/03/20 18:40:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\nick
[2011/03/19 11:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANPARK
[2011/03/18 19:20:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\6F02A0DC1E63A9C19099D446399B207D
[2011/03/17 22:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\1308171847
[2011/03/17 22:24:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2011/03/17 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\1617751231
[2011/03/17 22:23:28 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Roaming\SysWin
[2011/03/14 15:03:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\edits
[2011/03/13 23:41:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2008/08/12 00:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 13:10:50 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/04/04 13:09:48 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/04/04 12:25:28 | 111,635,981 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/04/04 12:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/03 17:38:11 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/03 14:01:53 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/03 14:01:53 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/03 14:01:53 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/29 10:51:25 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 10:51:25 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 10:37:11 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 01:15:26 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/03/25 23:58:04 | 000,002,226 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/03/25 23:53:40 | 000,648,536 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/25 23:52:35 | 000,001,185 | ---- | M] () -- C:\ProgramData\572846244
[2011/03/25 23:52:18 | 000,000,144 | -HS- | M] () -- C:\ProgramData\34528136
[2011/03/25 23:52:16 | 000,001,243 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/03/25 23:40:30 | 000,011,484 | -HS- | M] () -- C:\Users\Owner\AppData\Local\74r43ey6o25187
[2011/03/25 23:40:30 | 000,011,484 | -HS- | M] () -- C:\ProgramData\74r43ey6o25187
[2011/03/25 21:41:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/03/25 21:41:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/03/25 21:41:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/03/25 21:07:41 | 000,000,039 | ---- | M] () -- C:\ProgramData\2de8cdf
[2011/03/23 10:17:05 | 000,515,584 | -HS- | M] () -- C:\Windows\NlsData001awow.exe
[2011/03/19 13:28:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/03/19 11:49:55 | 009,942,842 | ---- | M] () -- C:\Users\Owner\Desktop\senses.psd
[2011/03/18 21:01:54 | 000,256,729 | ---- | M] () -- C:\Users\Owner\Desktop\five-senses.jpg
[2011/03/17 22:25:30 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/17 22:23:51 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2011/03/17 22:23:27 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\686857391
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/04 12:25:28 | 111,635,981 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/26 01:15:26 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/03/25 23:53:40 | 000,648,536 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/25 21:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/03/25 21:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/03/25 21:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/03/25 20:52:45 | 000,515,584 | -HS- | C] () -- C:\Windows\NlsData001awow.exe
[2011/03/25 19:49:48 | 000,011,484 | -HS- | C] () -- C:\Users\Owner\AppData\Local\74r43ey6o25187
[2011/03/25 19:49:48 | 000,011,484 | -HS- | C] () -- C:\ProgramData\74r43ey6o25187
[2011/03/25 19:49:33 | 000,335,872 | -HS- | C] () -- C:\Users\Owner\AppData\Local\aeo.exe
[2011/03/21 21:30:23 | 000,000,039 | ---- | C] () -- C:\ProgramData\2de8cdf
[2011/03/19 11:49:51 | 009,942,842 | ---- | C] () -- C:\Users\Owner\Desktop\senses.psd
[2011/03/19 11:44:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/18 21:01:52 | 000,256,729 | ---- | C] () -- C:\Users\Owner\Desktop\five-senses.jpg
[2011/03/17 22:24:05 | 000,001,185 | ---- | C] () -- C:\ProgramData\572846244
[2011/03/17 22:23:51 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2011/03/17 22:23:51 | 000,000,144 | -HS- | C] () -- C:\ProgramData\34528136
[2011/03/17 22:23:26 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\686857391
[2011/01/11 18:49:28 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/12/06 18:41:38 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/04 16:51:06 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/10/07 21:59:36 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/08/12 23:38:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/12 01:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/04/21 19:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/04/21 19:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/04/21 19:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/14 05:42:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/14 05:42:43 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/19 04:33:09 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 04:33:09 | 000,000,232 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 01:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 13:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2011/03/25 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/11/25 00:48:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/06 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/01/29 07:35:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2011/03/29 10:26:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2010/10/20 11:06:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\No Company Name
[2010/11/23 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/26 00:03:22 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\SysWin
[2010/10/27 11:35:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2009/07/14 01:08:49 | 000,010,924 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by gottarun451, 04 April 2011 - 01:18 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there please be advised that any fix will be specific to this machine only, if run on another system it may cause damage

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/03/17 22:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\1308171847
    [2011/03/17 22:24:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
    [2011/03/17 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\1617751231
    [2011/03/17 22:23:28 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Roaming\SysWin
    [2011/03/25 23:40:30 | 000,011,484 | -HS- | M] () -- C:\Users\Owner\AppData\Local\74r43ey6o25187
    [2011/03/25 23:40:30 | 000,011,484 | -HS- | M] () -- C:\ProgramData\74r43ey6o25187
    [2011/03/25 23:52:35 | 000,001,185 | ---- | M] () -- C:\ProgramData\572846244
    [2011/03/25 23:52:18 | 000,000,144 | -HS- | M] () -- C:\ProgramData\34528136
    [2011/03/23 10:17:05 | 000,515,584 | -HS- | M] () -- C:\Windows\NlsData001awow.exe
    [2011/03/17 22:23:27 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\686857391
    [2011/03/25 19:49:48 | 000,011,484 | -HS- | C] () -- C:\Users\Owner\AppData\Local\74r43ey6o25187
    [2011/03/25 19:49:48 | 000,011,484 | -HS- | C] () -- C:\ProgramData\74r43ey6o25187
    [2011/03/25 19:49:33 | 000,335,872 | -HS- | C] () -- C:\Users\Owner\AppData\Local\aeo.exe
    [2011/03/21 21:30:23 | 000,000,039 | ---- | C] () -- C:\ProgramData\2de8cdf
    [2011/03/17 22:24:05 | 000,001,185 | ---- | C] () -- C:\ProgramData\572846244
    [2011/03/17 22:23:51 | 000,000,144 | -HS- | C] () -- C:\ProgramData\34528136
    [2011/03/17 22:23:26 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\686857391

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
All processes killed
========== OTL ==========
C:\ProgramData\1308171847 folder moved successfully.
C:\ProgramData\SysWoW32 folder moved successfully.
C:\ProgramData\1617751231 folder moved successfully.
C:\Users\Owner\AppData\Roaming\SysWin folder moved successfully.
C:\Users\Owner\AppData\Local\74r43ey6o25187 moved successfully.
C:\ProgramData\74r43ey6o25187 moved successfully.
C:\ProgramData\572846244 moved successfully.
C:\ProgramData\34528136 moved successfully.
C:\Windows\NlsData001awow.exe moved successfully.
C:\Windows\SysWOW64\686857391 moved successfully.
File C:\Users\Owner\AppData\Local\74r43ey6o25187 not found.
File C:\ProgramData\74r43ey6o25187 not found.
File C:\Users\Owner\AppData\Local\aeo.exe not found.
C:\ProgramData\2de8cdf moved successfully.
File C:\ProgramData\572846244 not found.
File C:\ProgramData\34528136 not found.
File C:\Windows\SysWow64\686857391 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
File delete failed. C:\Users\Owner\Downloads\cmd.bat scheduled to be deleted on reboot.
C:\Users\Owner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34208 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-OWNER-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34208 bytes
->Flash cache emptied: 56502 bytes

User: Owner
->Temp folder emptied: 1312138203 bytes
->Temporary Internet Files folder emptied: 266574483 bytes
->Java cache emptied: 10400902 bytes
->FireFox cache emptied: 52951170 bytes
->Flash cache emptied: 167017 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59657949 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 188284866 bytes

Total Files Cleaned = 1,803.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-OWNER-PC
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_203056

Files\Folders moved on Reboot...
C:\Users\Owner\Downloads\cmd.bat moved successfully.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\rm2gnw3z.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\rm2gnw3z.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\rm2gnw3z.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\rm2gnw3z.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\rm2gnw3z.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
here is the second scan

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-05 10:46:46
-----------------------------
10:46:46.790 OS Version: Windows x64 6.1.7600
10:46:46.790 Number of processors: 2 586 0x170A
10:46:46.793 ComputerName: OWNER-PC UserName: Owner
10:46:48.377 Initialize success
10:46:50.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:46:50.648 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
10:46:50.665 Disk 0 MBR read successfully
10:46:50.668 Disk 0 MBR scan
10:46:50.670 Service scanning
10:46:51.776 Disk 0 trace - called modules:
10:46:51.820 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:46:51.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005777060]
10:46:51.832 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80046d26c0]
10:46:51.838 5 ACPI.sys[fffff88000ee2781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048b5050]
10:46:51.844 Scan finished successfully

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems ?

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#6
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
mine has appeared to be gone. Thank you, ill be posting the other computers info on here shortly. (in a new post)
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Add it to this thread if you wish and then once done I will give clean up instructions for both.

On the other system run Both aswMBR in the scan mode and OTL scan as per your system
  • 0

#8
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
everytime i click something on google it redirects me to random sites. this is my second post involving this same problem but this is computer number two. below is the OTL Report. Thank you. You help me once id appreciate it again. :D

OTL logfile created on: 4/5/2011 4:24:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Cochise\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 182.05 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 7.52 Gb Free Space | 75.24% Space Free | Partition Type: NTFS

Computer Name: COCHISE-PC | User Name: Cochise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
PRC - [2011/04/03 23:54:08 | 000,105,472 | -HS- | M] () -- C:\Users\Cochise\AppData\Roaming\SystemProc\lsass.exe
PRC - [2009/11/13 18:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/03/25 18:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/03/25 18:25:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/02 22:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/09 10:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 00:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/04 15:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/19 11:43:30 | 000,438,403 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/01 15:21:30 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/03/25 11:59:30 | 000,153,920 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/05 14:21:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/25 18:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 10:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/10/16 21:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/26 22:02:23 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/25 12:06:22 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/03/25 12:06:22 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/03/25 12:06:22 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/03/25 11:59:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/01/19 08:38:16 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/19 08:38:14 | 000,318,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/23 14:08:54 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/12/30 13:33:17 | 000,000,000 | ---D | M]

[2009/05/09 10:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cochise\AppData\Roaming\Mozilla\Extensions
[2009/05/09 10:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cochise\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\Cochise\AppData\Roaming\SystemProc\lsass.exe ()
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Cochise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 16:24:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
[2011/04/03 23:54:16 | 000,000,000 | -HSD | C] -- C:\Users\Cochise\AppData\Roaming\SystemProc
[2011/04/01 09:23:37 | 000,000,000 | ---D | C] -- C:\Users\Cochise\Documents\Spring quarter 2011
[2009/07/23 01:20:21 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Cochise\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 16:30:22 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9BD35530-4B54-40DC-8FB7-A3F49E8FDA97}.job
[2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
[2011/04/05 16:21:15 | 000,019,249 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/04/05 16:19:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 16:19:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 16:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 16:19:08 | 4251,865,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 21:58:34 | 000,000,680 | ---- | M] () -- C:\Users\Cochise\AppData\Local\d3d9caps.dat
[2011/04/01 09:09:47 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/03/30 14:19:53 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/30 14:19:53 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/30 14:19:53 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/30 11:35:13 | 000,002,255 | ---- | M] () -- C:\Users\Cochise\Desktop\iTunes.lnk
[2011/03/23 11:51:50 | 000,017,408 | ---- | M] () -- C:\Users\Cochise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 16:32:34 | 015,222,383 | ---- | M] () -- C:\Users\Cochise\Documents\162948.wmv
[2011/03/15 10:16:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 16:39:03 | 015,222,383 | ---- | C] () -- C:\Users\Cochise\Documents\162948.wmv
[2010/11/03 10:46:49 | 000,148,918 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/03 10:46:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/30 13:20:12 | 000,186,854 | ---- | C] () -- C:\Windows\hpwins23.dat
[2009/12/03 11:55:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 11:54:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 11:54:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/13 00:43:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/11 23:59:37 | 000,017,408 | ---- | C] () -- C:\Users\Cochise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:08:33 | 000,000,680 | ---- | C] () -- C:\Users\Cochise\AppData\Local\d3d9caps.dat
[2009/05/05 16:30:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/05 15:48:09 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/05 14:43:29 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\STWmiM.dll
[2009/05/05 14:43:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\STPE.dll
[2009/05/05 14:43:29 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\STShellVC6.dll
[2009/05/05 14:43:29 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009/05/05 14:43:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/05/05 14:43:29 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\STRegistry.dll
[2009/05/05 14:43:29 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\STWiz.dll
[2009/05/05 14:43:29 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\STProcess.dll
[2009/05/05 14:43:28 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\STODD.dll
[2009/05/05 14:43:28 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\STODDRD.dll
[2009/05/05 14:43:28 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\STODDIM.dll
[2009/05/05 14:43:28 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\STODDSC.dll
[2009/05/05 14:43:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\STLog.dll
[2009/05/05 14:43:28 | 000,115,712 | ---- | C] () -- C:\Windows\SysWow64\STNLS.dll
[2009/05/05 14:43:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\STMsXml.dll
[2009/05/05 14:43:28 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\STLangXml.dll
[2009/05/05 14:43:27 | 000,471,040 | ---- | C] () -- C:\Windows\SysWow64\PSTImage.dll
[2009/05/05 14:43:27 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\STFiles.dll
[2009/05/05 14:43:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\STCrypto.dll
[2009/05/05 14:43:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk.dll
[2009/05/05 14:43:27 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\STFileMonitor.dll
[2009/05/05 14:43:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml.dll
[2009/05/05 14:43:26 | 001,118,208 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/05/05 14:14:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/10/25 05:30:45 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/03/30 10:46:30 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\FrostWire
[2009/12/30 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\funkitron
[2010/11/03 11:50:30 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\Image Zone Express
[2010/11/27 00:35:39 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\LimeWire
[2009/05/26 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\McGraw-HillLicensing
[2010/11/03 11:50:29 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\Printer Info Cache
[2011/04/03 23:54:16 | 000,000,000 | -HSD | M] -- C:\Users\Cochise\AppData\Roaming\SystemProc
[2009/12/09 15:21:59 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\WildTangent
[2011/03/15 10:16:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/04/01 09:09:47 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/04/05 16:15:29 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/05 16:30:22 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9BD35530-4B54-40DC-8FB7-A3F49E8FDA97}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I merged them to keep a bit of continuity

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/04/03 23:54:08 | 000,105,472 | -HS- | M] () -- C:\Users\Cochise\AppData\Roaming\SystemProc\lsass.exe
    O4 - HKCU..\Run: [RTHDBPL] C:\Users\Cochise\AppData\Roaming\SystemProc\lsass.exe ()
    [2011/04/03 23:54:16 | 000,000,000 | -HSD | C] -- C:\Users\Cochise\AppData\Roaming\SystemProc
    [2009/07/23 01:20:21 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Cochise\AppData\Roaming\DataSafeDotNet.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#10
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
i spoke to soon about computer number 1. its starting to redirect again. Im downlaoding the antimalware on it now.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you both use the same router ?
  • 0

#12
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
yes they do. i ran the OTL on computer number two, it rebooted. i copied the results and went to start the asw scan. when i hit scan the computer went to a blue screen then shut down.
  • 0

#13
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
this is the results form computer #1s malware antivirus scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6281

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/5/2011 4:57:09 PM
mbam-log-2011-04-05 (16-57-09).txt

Scan type: Quick scan
Objects scanned: 176790
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\nxv.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\nxv.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Owner\AppData\Local\nxv.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\downloads\Webfetti.exe (Adware.Iwon) -> Quarantined and deleted successfully.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK Could you reboot and try once more with aswMBR - if it crashes then run a fresh OTL scan for me please

We may need to reset the router as the re-infection of system 1 would suggest that probability

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • 0

#15
gottarun451

gottarun451

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
okay here is the otl rescan on computer #2.. it shutdown again when i tried the other one.
do you want me to restart the router now? or after another otl custom fix?


OTL logfile created on: 4/5/2011 5:30:31 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Cochise\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 183.34 Gb Free Space | 63.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 7.52 Gb Free Space | 75.24% Space Free | Partition Type: NTFS

Computer Name: COCHISE-PC | User Name: Cochise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
PRC - [2009/11/13 18:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/03/25 18:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/03/25 18:25:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/01/09 10:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/18 00:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/12/16 22:14:48 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/04 15:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/19 11:43:30 | 000,438,403 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe


========== Modules (SafeList) ==========

MOD - [2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/01 15:21:30 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/03/25 11:59:30 | 000,153,920 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/05 14:21:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/25 18:25:20 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 10:22:10 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/12/16 22:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/10/16 21:31:12 | 000,906,752 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/26 22:02:23 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/25 12:06:22 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/03/25 12:06:22 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/03/25 12:06:22 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/03/25 11:59:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/01/19 08:38:16 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/19 08:38:14 | 000,318,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/23 14:08:54 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/04 19:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/12/30 13:33:17 | 000,000,000 | ---D | M]

[2009/05/09 10:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cochise\AppData\Roaming\Mozilla\Extensions
[2009/05/09 10:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cochise\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/04/05 16:46:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Cochise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 16:46:37 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Cochise\Desktop\aswMBR.exe
[2011/04/05 16:46:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 16:24:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
[2011/04/01 09:23:37 | 000,000,000 | ---D | C] -- C:\Users\Cochise\Documents\Spring quarter 2011
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 17:35:02 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9BD35530-4B54-40DC-8FB7-A3F49E8FDA97}.job
[2011/04/05 17:30:14 | 000,019,249 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/04/05 17:28:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 17:28:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 17:28:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 17:28:12 | 4251,865,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 17:28:10 | 563,733,658 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/05 16:46:37 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Cochise\Desktop\aswMBR.exe
[2011/04/05 16:24:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cochise\Desktop\OTL.exe
[2011/04/02 21:58:34 | 000,000,680 | ---- | M] () -- C:\Users\Cochise\AppData\Local\d3d9caps.dat
[2011/04/01 09:09:47 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/03/30 14:19:53 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/30 14:19:53 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/30 14:19:53 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/30 11:35:13 | 000,002,255 | ---- | M] () -- C:\Users\Cochise\Desktop\iTunes.lnk
[2011/03/23 11:51:50 | 000,017,408 | ---- | M] () -- C:\Users\Cochise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 16:32:34 | 015,222,383 | ---- | M] () -- C:\Users\Cochise\Documents\162948.wmv
[2011/03/15 10:16:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 16:39:03 | 015,222,383 | ---- | C] () -- C:\Users\Cochise\Documents\162948.wmv
[2010/11/03 10:46:49 | 000,148,918 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/03 10:46:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/30 13:20:12 | 000,186,854 | ---- | C] () -- C:\Windows\hpwins23.dat
[2009/12/03 11:55:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 11:54:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 11:54:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/13 00:43:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/11 23:59:37 | 000,017,408 | ---- | C] () -- C:\Users\Cochise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:08:33 | 000,000,680 | ---- | C] () -- C:\Users\Cochise\AppData\Local\d3d9caps.dat
[2009/05/05 16:30:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/05/05 15:48:09 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/05/05 14:43:29 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\STWmiM.dll
[2009/05/05 14:43:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\STPE.dll
[2009/05/05 14:43:29 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\STShellVC6.dll
[2009/05/05 14:43:29 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2009/05/05 14:43:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009/05/05 14:43:29 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\STRegistry.dll
[2009/05/05 14:43:29 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\STWiz.dll
[2009/05/05 14:43:29 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\STProcess.dll
[2009/05/05 14:43:28 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\STODD.dll
[2009/05/05 14:43:28 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\STODDRD.dll
[2009/05/05 14:43:28 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\STODDIM.dll
[2009/05/05 14:43:28 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\STODDSC.dll
[2009/05/05 14:43:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\STLog.dll
[2009/05/05 14:43:28 | 000,115,712 | ---- | C] () -- C:\Windows\SysWow64\STNLS.dll
[2009/05/05 14:43:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\STMsXml.dll
[2009/05/05 14:43:28 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\STLangXml.dll
[2009/05/05 14:43:27 | 000,471,040 | ---- | C] () -- C:\Windows\SysWow64\PSTImage.dll
[2009/05/05 14:43:27 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\STFiles.dll
[2009/05/05 14:43:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\STCrypto.dll
[2009/05/05 14:43:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\PSTVdsDisk.dll
[2009/05/05 14:43:27 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\STFileMonitor.dll
[2009/05/05 14:43:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\STCoreXml.dll
[2009/05/05 14:43:26 | 001,118,208 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/05/05 14:14:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/10/25 05:30:45 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/03/30 10:46:30 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\FrostWire
[2009/12/30 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\funkitron
[2010/11/03 11:50:30 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\Image Zone Express
[2010/11/27 00:35:39 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\LimeWire
[2009/05/26 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\McGraw-HillLicensing
[2010/11/03 11:50:29 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\Printer Info Cache
[2009/12/09 15:21:59 | 000,000,000 | ---D | M] -- C:\Users\Cochise\AppData\Roaming\WildTangent
[2011/03/15 10:16:04 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/04/01 09:09:47 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/04/05 16:51:00 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/05 17:35:02 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9BD35530-4B54-40DC-8FB7-A3F49E8FDA97}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP