Redirect bug


  • This topic is locked

#1
bikeguy08

  • Member
  • 45 posts
Hi
Been having the same issue as many of your followers with a Google redirect bug. I tried a couple of your suggestions; the OTM solution did nothing. The OTL download worked, but after a few searches it went back to redirecting. Also getting an error message after running Norton Power Eraser, "System restore has been turned off by group policy"; not sure if this is related. Here's what I got after the last OTL scan:

All processes killed
========== OTL ==========
Error: No service named WdiSystemHost32 was found to stop!
Service\Driver key WdiSystemHost32 not found.
File C:\Windows\SysWOW64\CMDLGD632.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0865FCB5-5CE4-410B-AE5C-9533A6C82766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0865FCB5-5CE4-410B-AE5C-9533A6C82766}\ not found.
File C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB50696-0ECE-4159-8022-001235683DB9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB50696-0ECE-4159-8022-001235683DB9}\ not found.
File C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe not found.
File C:\Windows\SysWow64\CMDLGD632.exe not found.
File C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll not found.
File C:\Windows\SysWow64\1750567013 not found.
File C:\Windows\SysWow64\CMDLGD632.exe not found.
File C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe not found.
File C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\BILL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\BILL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: BILL
->Temp folder emptied: 4074 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20378180 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 479 bytes

User: CJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35404 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: BILL
->Flash cache emptied: 0 bytes

User: CJ
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_181404

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\Perflib_Perfdata_57c.dat not found!
File\Folder C:\WINNT\temp\Perflib_Perfdata_754.dat not found!

Registry entries deleted on Reboot...


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, it looks as though you have run a fix that was constructed for someone else. All infections are unique and need to be handled as such... So let's start from the beginning :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply

#3
bikeguy08

  • Topic Starter
  • Member
  • 45 posts
Here are the log results.

OTL logfile created on: 7/27/2011 3:51:22 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\BILL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 471.50 Mb Available Physical Memory | 46.08% Memory free
1.28 Gb Paging File | 0.73 Gb Available in Paging File | 56.77% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 6.84 Gb Free Space | 18.36% Space Free | Partition Type: NTFS

Computer Name: S0026081863 | User Name: BILL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2002/03/18 09:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
PRC - [2002/03/18 09:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\ipmon32.exe
PRC - [2001/11/27 09:55:50 | 000,101,615 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/18 09:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\iphook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PictureTaker)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/29 09:18:30 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 08:51:06 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\SMR200.SYS -- (SMR200)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110725.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/06/06 16:19:53 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110727.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/06 16:19:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/06 16:19:53 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/06 16:19:53 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110727.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/06 16:04:37 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/27 09:55:50 | 001,143,360 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...erms}&l=zs&o=sb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.boston.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/07/08 09:37:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_0_8 [2011/07/27 08:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 00:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 13:00:48 | 000,000,000 | ---D | M]

[2011/05/11 06:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Extensions
[2011/07/23 11:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions
[2011/07/23 12:03:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{1d80ab0f-df56-4775-8658-adc503c1c5a6}
[2011/07/25 10:35:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{93c8f790-af5a-404d-b3a6-7a607bc792ac}
[2011/05/11 06:50:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\[email protected]
[2010/03/24 16:57:36 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\bing.xml
[2009/10/27 18:44:48 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
[2011/06/06 19:08:24 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
[2011/05/12 01:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/27 08:50:04 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_0_8
[2011/07/08 09:37:05 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/11 14:36:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/02 00:12:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/06/16 09:19:59 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/24 18:14:13 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Microsoft Works Update Detection] File not found
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205768523015 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,20/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BILL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/01 23:02:02 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/18 20:15:18 | 004,300,044 | ---- | M] () - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2002/05/02 14:44:42 | 000,000,105 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 08:51:05 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SMR200.SYS
[2011/07/27 08:50:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BILL\Recent
[2011/07/25 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/25 09:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/24 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Local Settings\Application Data\NPE
[2011/07/24 15:43:38 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\BILL\Desktop\NPE.exe
[2011/07/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Application Data\Tific
[2011/07/22 20:17:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 20:09:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
[2011/07/22 19:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Desktop\GooredFix Backups
[2011/07/22 19:19:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/08 10:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\My Documents\Metrosouth
[2011/07/08 09:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 08:51:22 | 000,000,438 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/07/27 08:51:11 | 000,000,020 | ---- | M] () -- C:\WINNT\System32\drivers\SMR200.dat
[2011/07/27 08:51:06 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SMR200.SYS
[2011/07/27 08:51:06 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/07/27 08:49:23 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/07/27 08:49:15 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/27 08:48:09 | 000,000,206 | ---- | M] () -- C:\boot.ini
[2011/07/26 09:02:32 | 000,034,764 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\spinner-pro-6800_240wh.gif
[2011/07/25 09:28:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/24 18:14:13 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/07/24 15:43:50 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\BILL\Desktop\NPE.exe
[2011/07/24 08:48:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 11:24:17 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
[2011/07/22 10:02:40 | 000,118,552 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\Aussie Rules.pdf
[2011/07/21 18:07:54 | 000,000,065 | ---- | M] () -- C:\WINNT\System32\371802561
[2011/07/18 15:30:04 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/07/17 14:31:15 | 000,309,192 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/07/04 14:55:12 | 000,000,272 | ---- | M] () -- C:\{9FC48D3D-E171-4553-9311-AAD7B434DCAF}
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 08:51:09 | 000,000,020 | ---- | C] () -- C:\WINNT\System32\drivers\SMR200.dat
[2011/07/26 09:02:30 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\BILL\Desktop\spinner-pro-6800_240wh.gif
[2011/07/25 09:28:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/23 11:24:17 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2011/07/21 18:07:43 | 000,000,065 | ---- | C] () -- C:\WINNT\System32\371802561
[2011/07/08 09:33:46 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/07/08 09:33:44 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/04 14:55:12 | 000,000,272 | ---- | C] () -- C:\{9FC48D3D-E171-4553-9311-AAD7B434DCAF}
[2011/06/06 10:26:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2011/05/11 11:25:54 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2010/07/16 15:32:37 | 000,000,000 | ---- | C] () -- C:\WINNT\Qzinifasocukexug.bin
[2010/07/16 15:32:36 | 000,000,120 | ---- | C] () -- C:\WINNT\Kzapejabiveb.dat
[2010/06/13 13:48:38 | 001,503,232 | ---- | C] () -- C:\WINNT\System32\ptj.exe
[2010/06/13 13:48:38 | 001,103,360 | ---- | C] () -- C:\WINNT\System32\cidfont.dll
[2010/06/13 13:48:36 | 004,369,408 | ---- | C] () -- C:\WINNT\System32\pdftk.exe
[2010/06/13 13:48:36 | 000,235,008 | ---- | C] () -- C:\WINNT\System32\office.exe
[2010/06/03 15:15:32 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat.temp
[2010/03/18 20:31:41 | 000,000,048 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/02/11 07:06:29 | 000,000,183 | ---- | C] () -- C:\WINNT\System32\MRT.INI
[2010/01/29 18:56:42 | 000,066,016 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2009/12/20 16:26:32 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\MSVolumeAMP.dll
[2009/12/07 21:00:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll
[2009/09/29 12:54:57 | 000,000,227 | ---- | C] () -- C:\WINNT\HP_CounterReport_Update_HPSU.ini
[2008/12/07 19:50:20 | 000,113,168 | ---- | C] () -- C:\WINNT\hpoins07.dat
[2008/12/07 19:50:20 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat
[2008/12/07 12:44:03 | 000,000,214 | ---- | C] () -- C:\WINNT\HP_48BitScanUpdatePatch.ini
[2008/12/04 21:36:24 | 000,000,221 | ---- | C] () -- C:\WINNT\HP_RedboxHprblog_HPSU.ini
[2008/11/25 12:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BILL\Application Data\AVSMediaPlayer.m3u
[2008/11/25 12:03:47 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2008/11/25 12:03:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2008/06/02 14:40:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\BILL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 08:31:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2008/03/11 12:55:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/13 09:55:26 | 000,000,071 | ---- | C] () -- C:\WINNT\C64.ini
[2007/08/13 09:53:16 | 000,000,182 | ---- | C] () -- C:\WINNT\System32\EBPPORT4.DAT
[2007/05/14 08:17:34 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2007/03/29 13:37:15 | 000,091,648 | ---- | C] () -- C:\WINNT\gzip.exe
[2007/03/09 10:04:25 | 000,000,010 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/10/27 19:07:57 | 000,000,848 | ---- | C] () -- C:\WINNT\Hbcwty01.ini
[2005/10/27 19:03:48 | 000,000,015 | ---- | C] () -- C:\WINNT\wgedit.ini
[2005/03/02 22:49:48 | 000,000,715 | ---- | C] () -- C:\WINNT\aolback.exe.lnk
[2005/01/12 20:53:41 | 000,000,988 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/12/28 10:30:46 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/08 19:15:03 | 000,000,171 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/09/08 19:14:59 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2004/06/04 20:44:56 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT3.DAT
[2003/08/26 17:13:44 | 000,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/08/15 13:38:21 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/05/19 18:33:00 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2003/03/01 20:59:06 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\wh2robo.dll
[2003/03/01 20:59:06 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll
[2002/11/30 09:17:46 | 000,000,218 | ---- | C] () -- C:\WINNT\disney.ini
[2002/11/05 18:49:39 | 000,000,145 | ---- | C] () -- C:\WINNT\SYMGAMES.INI
[2002/10/27 13:52:08 | 000,000,532 | ---- | C] () -- C:\WINNT\eReg.dat
[2002/05/25 08:58:31 | 000,000,010 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2002/05/25 08:58:27 | 000,000,042 | ---- | C] () -- C:\WINNT\ka.INI
[2002/05/10 16:54:14 | 000,000,950 | ---- | C] () -- C:\WINNT\hegames.ini
[2002/02/23 21:33:18 | 000,045,568 | ---- | C] () -- C:\WINNT\UniFish3.exe
[2002/02/10 13:37:58 | 000,000,903 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2002/02/10 13:36:40 | 000,000,023 | ---- | C] () -- C:\WINNT\EPSC80.ini
[2002/02/01 23:02:39 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/02/01 22:45:04 | 000,000,699 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/01/11 15:15:24 | 000,109,056 | ---- | C] () -- C:\WINNT\UNWISE32.EXE
[2002/01/11 15:15:24 | 000,082,864 | ---- | C] () -- C:\WINNT\UNWISE.EXE
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise32.ini
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise.ini
[2002/01/11 15:15:23 | 000,377,600 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2002/01/11 15:15:23 | 000,167,456 | ---- | C] () -- C:\WINNT\System32\Bocof.dll
[2002/01/11 15:14:57 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/01/11 15:12:44 | 000,040,960 | ---- | C] () -- C:\WINNT\uneng.exe
[2002/01/11 14:11:36 | 000,040,960 | ---- | C] () -- C:\WINNT\GWMDMpi.exe
[2001/10/09 15:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/10/09 14:54:47 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2001/10/09 14:47:40 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2001/10/09 14:40:34 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2001/10/09 14:39:46 | 000,309,192 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT.DAT
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,306,968 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,038,548 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2011/05/11 06:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2011/06/08 21:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/11 06:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2011/05/11 06:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Aim
[2011/05/11 06:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2011/05/11 06:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Final Draft
[2011/05/11 06:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\GetRightToGo
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Image Zone Express
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\InterTrust
[2011/05/11 06:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\LimeWire
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\MSNInstaller
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\OverDrive
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Smart PDF Converter Pro
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Snapfish
[2011/07/23 19:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Tific

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/03/18 20:15:18 | 004,300,044 | ---- | M] () -- C:\Autorun.exe
[2004/06/28 02:05:18 | 027,387,392 | ---- | M] () -- C:\fd70040.exe
[2003/10/01 14:18:32 | 008,072,192 | ---- | M] () -- C:\Final Draft AV 2 Demo.exe
[2008/09/08 10:25:43 | 065,324,566 | ---- | M] () -- C:\Final.Draft.7.exe
[2004/07/09 20:57:16 | 000,049,152 | ---- | M] () -- C:\Final.Draft.7.Keygen.exe
[2003/03/27 15:20:28 | 001,294,296 | ---- | M] (Macromedia, Inc.) -- C:\FinalDraftAV.exe
[2009/06/16 09:16:26 | 000,243,048 | ---- | M] () -- C:\hkinstaller.exe
[2004/04/07 18:07:02 | 027,332,608 | ---- | M] () -- C:\setup.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINNT\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINNT\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINNT\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINNT\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINNT\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\$NtServicePackUninstall$\winlogon.exe
[2001/08/18 14:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINNT\$NtUninstallKB841533$\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB840987\SP1QFE\winlogon.exe
[2004/05/26 21:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINNT\$hf_mig$\KB841533\SP1QFE\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/02 00:12:28 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/02 00:12:32 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\BILL\My Documents\Fwd_Fw_Pleasesendback.eml:OECustomProperty

< End of report >

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, can you check for redirects please?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsear...erms}&l=zs&o=sb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    [2009/10/27 18:44:48 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    [2011/07/21 18:07:54 | 000,000,065 | ---- | M] () -- C:\WINNT\System32\371802561
    [2011/06/06 10:26:08 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
    [2011/05/11 11:25:54 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
    [2010/07/16 15:32:37 | 000,000,000 | ---- | C] () -- C:\WINNT\Qzinifasocukexug.bin
    [2010/07/16 15:32:36 | 000,000,120 | ---- | C] () -- C:\WINNT\Kzapejabiveb.dat
    [2010/06/13 13:48:38 | 001,503,232 | ---- | C] () -- C:\WINNT\System32\ptj.exe
    [2011/06/08 21:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900

    :REG
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
bikeguy08


    Member

  • Topic Starter
  • Member
  • 45 posts
I already have Malwarebytes loaded on my computer, should I just run that?

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep but update it first :)

#7
bikeguy08


    Member

  • Topic Starter
  • Member
  • 45 posts
Here is the result of the last OTL scan, will run Malwarebytes now

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
C:\WINNT\system32\371802561 moved successfully.
C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 moved successfully.
C:\WINNT\system32\fxsperf.ini moved successfully.
C:\WINNT\Qzinifasocukexug.bin moved successfully.
C:\WINNT\Kzapejabiveb.dat moved successfully.
C:\WINNT\system32\ptj.exe moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900\ not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\BILL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\BILL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: BILL
->Temp folder emptied: 44883209 bytes
->Temporary Internet Files folder emptied: 43995349 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57240143 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1570 bytes

User: CJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 192522 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: BILL
->Flash cache emptied: 0 bytes

User: CJ
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_163631

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\Perflib_Perfdata_730.dat not found!
File\Folder C:\WINNT\temp\Perflib_Perfdata_d4.dat not found!

Registry entries deleted on Reboot...

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If my assessment was correct, the redirects should be gone.

#9
bikeguy08


    Member

  • Topic Starter
  • Member
  • 45 posts
Nope... Still redirecting but not on every search.

#10
bikeguy08


    Member

  • Topic Starter
  • Member
  • 45 posts
Malwarebytes quick scan came up clean.


#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you rerun OTL please, but this time select all users?

[attachment=51504:Capture.GIF]

#12
bikeguy08


    Member

  • Topic Starter
  • Member
  • 45 posts
Here you go

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\mywebsearch.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}\ not found.
File C:\WINNT\System32\371802561 not found.
File C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 not found.
File C:\WINNT\System32\fxsperf.ini not found.
File C:\WINNT\Qzinifasocukexug.bin not found.
File C:\WINNT\Kzapejabiveb.dat not found.
File C:\WINNT\System32\ptj.exe not found.
Folder C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900\ not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\BILL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\BILL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: BILL
->Temp folder emptied: 810 bytes
->Temporary Internet Files folder emptied: 786834 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30418158 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1259 bytes

User: CJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: BILL
->Flash cache emptied: 0 bytes

User: CJ
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: Kathleen Goulet
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_172939

Files\Folders moved on Reboot...
C:\WINNT\temp\Perflib_Perfdata_108.dat moved successfully.
File move failed. C:\WINNT\temp\Perflib_Perfdata_740.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, I meant a fresh quick scan with all users selected :)

#14
bikeguy08

    Member

  • Topic Starter
  • Member
  • 45 posts
Try this

OTL logfile created on: 7/27/2011 6:32:23 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\BILL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.30 Mb Total Physical Memory | 461.97 Mb Available Physical Memory | 45.15% Memory free
1.28 Gb Paging File | 0.65 Gb Available in Paging File | 50.44% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 6.81 Gb Free Space | 18.28% Space Free | Partition Type: NTFS

Computer Name: S0026081863 | User Name: BILL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2002/03/18 09:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
PRC - [2002/03/18 09:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\ipmon32.exe
PRC - [2001/11/27 09:55:50 | 000,101,615 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\asoehook.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/18 09:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\VisualIPInsight\iphook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PictureTaker)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/29 09:18:30 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/07 17:01:40 | 000,355,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110725.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/06/06 16:19:53 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110727.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/06 16:19:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/06/06 16:19:53 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/06 16:19:53 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110727.001\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/06 16:04:37 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/11/27 09:55:50 | 001,143,360 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 14:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/09 22:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.boston.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.31.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/07/08 09:37:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_0_8 [2011/07/27 17:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 00:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 13:00:48 | 000,000,000 | ---D | M]

[2011/05/11 06:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Extensions
[2011/07/23 11:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions
[2011/07/23 12:03:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{1d80ab0f-df56-4775-8658-adc503c1c5a6}
[2011/07/25 10:35:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{93c8f790-af5a-404d-b3a6-7a607bc792ac}
[2011/05/11 06:50:38 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\[email protected]
[2010/03/24 16:57:36 | 000,001,828 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\bing.xml
[2011/06/06 19:08:24 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
[2011/05/12 01:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/27 17:31:38 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_0_8
[2011/07/08 09:37:05 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN
[2011/05/11 14:36:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/02 00:12:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/06/16 09:19:59 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/27 17:29:43 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010..\Run: [Microsoft Works Update Detection] File not found
O4 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\LimeWire On Startup (2).lnk = File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\LimeWire On Startup (3).lnk = File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - File not found
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3604470327-3723271197-3242847100-1010\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205768523015 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.a...,20/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BILL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/01 23:02:02 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/18 20:15:18 | 004,300,044 | ---- | M] () - C:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2002/05/02 14:44:42 | 000,000,105 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 17:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BILL\Recent
[2011/07/25 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/25 09:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/24 15:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Local Settings\Application Data\NPE
[2011/07/24 15:43:38 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\BILL\Desktop\NPE.exe
[2011/07/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Application Data\Tific
[2011/07/22 20:17:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 20:09:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
[2011/07/22 19:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\Desktop\GooredFix Backups
[2011/07/22 19:19:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/08 10:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BILL\My Documents\Metrosouth
[2011/07/08 09:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 17:32:09 | 000,000,437 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts.ics
[2011/07/27 17:32:03 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/07/27 17:31:06 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/07/27 17:30:58 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/27 17:29:43 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2011/07/27 17:07:59 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/07/27 16:29:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\MBR.dat
[2011/07/27 08:48:09 | 000,000,206 | ---- | M] () -- C:\boot.ini
[2011/07/26 09:02:32 | 000,034,764 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\spinner-pro-6800_240wh.gif
[2011/07/25 09:28:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/24 15:43:50 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\BILL\Desktop\NPE.exe
[2011/07/24 08:48:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/22 20:09:01 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BILL\Desktop\OTL.exe
[2011/07/22 10:02:40 | 000,118,552 | ---- | M] () -- C:\Documents and Settings\BILL\Desktop\Aussie Rules.pdf
[2011/07/18 15:30:04 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/07/17 14:31:15 | 000,309,192 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/07/04 14:55:12 | 000,000,272 | ---- | M] () -- C:\{9FC48D3D-E171-4553-9311-AAD7B434DCAF}
[2 C:\Documents and Settings\BILL\Desktop\*.tmp files -> C:\Documents and Settings\BILL\Desktop\*.tmp -> ]
[19 C:\Documents and Settings\BILL\My Documents\*.tmp files -> C:\Documents and Settings\BILL\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\BILL\*.tmp files -> C:\Documents and Settings\BILL\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/27 16:29:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\BILL\Desktop\MBR.dat
[2011/07/26 09:02:30 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\BILL\Desktop\spinner-pro-6800_240wh.gif
[2011/07/25 09:28:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/23 11:24:17 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2011/07/08 09:33:46 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/07/08 09:33:44 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/04 14:55:12 | 000,000,272 | ---- | C] () -- C:\{9FC48D3D-E171-4553-9311-AAD7B434DCAF}
[2010/06/13 13:48:38 | 001,103,360 | ---- | C] () -- C:\WINNT\System32\cidfont.dll
[2010/06/13 13:48:36 | 004,369,408 | ---- | C] () -- C:\WINNT\System32\pdftk.exe
[2010/06/13 13:48:36 | 000,235,008 | ---- | C] () -- C:\WINNT\System32\office.exe
[2010/06/03 15:15:32 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat.temp
[2010/03/18 20:31:41 | 000,000,048 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/02/11 07:06:29 | 000,000,183 | ---- | C] () -- C:\WINNT\System32\MRT.INI
[2010/01/29 18:56:42 | 000,066,016 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2009/12/20 16:26:32 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\MSVolumeAMP.dll
[2009/12/07 21:00:53 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll
[2009/09/29 12:54:57 | 000,000,227 | ---- | C] () -- C:\WINNT\HP_CounterReport_Update_HPSU.ini
[2008/12/07 19:50:20 | 000,113,168 | ---- | C] () -- C:\WINNT\hpoins07.dat
[2008/12/07 19:50:20 | 000,021,124 | ---- | C] () -- C:\WINNT\hpomdl07.dat
[2008/12/07 12:44:03 | 000,000,214 | ---- | C] () -- C:\WINNT\HP_48BitScanUpdatePatch.ini
[2008/12/04 21:36:24 | 000,000,221 | ---- | C] () -- C:\WINNT\HP_RedboxHprblog_HPSU.ini
[2008/11/25 12:07:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BILL\Application Data\AVSMediaPlayer.m3u
[2008/11/25 12:03:47 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2008/11/25 12:03:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2008/06/02 14:40:50 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\BILL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/06 08:31:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2008/03/11 12:55:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/13 09:55:26 | 000,000,071 | ---- | C] () -- C:\WINNT\C64.ini
[2007/08/13 09:53:16 | 000,000,182 | ---- | C] () -- C:\WINNT\System32\EBPPORT4.DAT
[2007/05/14 08:17:34 | 000,126,976 | ---- | C] () -- C:\WINNT\System32\unzdll.dll
[2007/03/29 13:37:15 | 000,091,648 | ---- | C] () -- C:\WINNT\gzip.exe
[2007/03/09 10:04:25 | 000,000,010 | ---- | C] () -- C:\WINNT\msoffice.ini
[2005/10/27 19:07:57 | 000,000,848 | ---- | C] () -- C:\WINNT\Hbcwty01.ini
[2005/10/27 19:03:48 | 000,000,015 | ---- | C] () -- C:\WINNT\wgedit.ini
[2005/03/02 22:49:48 | 000,000,715 | ---- | C] () -- C:\WINNT\aolback.exe.lnk
[2005/01/12 20:53:41 | 000,000,988 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/12/28 10:30:46 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2004/09/08 19:15:03 | 000,000,171 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/09/08 19:14:59 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2004/06/04 20:44:56 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT3.DAT
[2003/08/26 17:13:44 | 000,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/08/15 13:38:21 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2003/05/19 18:33:00 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2003/03/01 20:59:06 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\wh2robo.dll
[2003/03/01 20:59:06 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll
[2002/11/30 09:17:46 | 000,000,218 | ---- | C] () -- C:\WINNT\disney.ini
[2002/11/05 18:49:39 | 000,000,145 | ---- | C] () -- C:\WINNT\SYMGAMES.INI
[2002/10/27 13:52:08 | 000,000,532 | ---- | C] () -- C:\WINNT\eReg.dat
[2002/05/25 08:58:31 | 000,000,010 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2002/05/25 08:58:27 | 000,000,042 | ---- | C] () -- C:\WINNT\ka.INI
[2002/05/10 16:54:14 | 000,000,950 | ---- | C] () -- C:\WINNT\hegames.ini
[2002/02/23 21:33:18 | 000,045,568 | ---- | C] () -- C:\WINNT\UniFish3.exe
[2002/02/10 13:37:58 | 000,000,903 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2002/02/10 13:36:40 | 000,000,023 | ---- | C] () -- C:\WINNT\EPSC80.ini
[2002/02/01 23:02:39 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/02/01 22:45:04 | 000,000,699 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/01/11 15:15:24 | 000,109,056 | ---- | C] () -- C:\WINNT\UNWISE32.EXE
[2002/01/11 15:15:24 | 000,082,864 | ---- | C] () -- C:\WINNT\UNWISE.EXE
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise32.ini
[2002/01/11 15:15:24 | 000,004,051 | ---- | C] () -- C:\WINNT\unwise.ini
[2002/01/11 15:15:23 | 000,377,600 | ---- | C] () -- C:\WINNT\System32\BOCOLE.DLL
[2002/01/11 15:15:23 | 000,167,456 | ---- | C] () -- C:\WINNT\System32\Bocof.dll
[2002/01/11 15:14:57 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/01/11 15:12:44 | 000,040,960 | ---- | C] () -- C:\WINNT\uneng.exe
[2002/01/11 14:11:36 | 000,040,960 | ---- | C] () -- C:\WINNT\GWMDMpi.exe
[2001/10/09 15:08:15 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2001/10/09 14:54:47 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2001/10/09 14:47:40 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2001/10/09 14:40:34 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2001/10/09 14:39:46 | 000,309,192 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINNT\System32\EBPPORT.DAT
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,306,968 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,038,548 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2011/05/11 06:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2011/06/08 21:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900
[2011/05/11 06:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2011/05/11 06:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/11 06:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2011/05/11 06:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/11 06:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/11 06:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Aim
[2011/05/11 06:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2011/05/11 06:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Final Draft
[2011/05/11 06:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\GetRightToGo
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Image Zone Express
[2011/05/11 06:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\InterTrust
[2011/05/11 06:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\LimeWire
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\MSNInstaller
[2011/05/11 06:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\OverDrive
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Smart PDF Converter Pro
[2011/05/11 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Snapfish
[2011/07/23 19:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BILL\Application Data\Tific
[2011/05/11 09:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\Aim
[2011/05/11 09:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\InterTrust
[2011/05/11 09:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CJ\Application Data\LimeWire
[2011/05/11 11:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2011/05/11 09:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen Goulet\Application Data\Aim
[2011/05/11 13:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen Goulet\Application Data\InterTrust
[2011/05/12 09:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen Goulet\Application Data\LimeWire

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1125 bytes -> C:\Documents and Settings\BILL\My Documents\Fwd_Fw_Pleasesendback.eml:OECustomProperty

< End of report >
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Here we go, there was a copy in all the other users' registry. Retry for redirects on completion, please.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3C FA DD 05 A9 A3 FC 4F 90 64 C5 94 2D E0 E0 59 [binary data]
    [2011/07/23 12:03:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{1d80ab0f-df56-4775-8658-adc503c1c5a6}
    [2011/07/25 10:35:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\extensions\{93c8f790-af5a-404d-b3a6-7a607bc792ac}
    [2011/06/06 19:08:24 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\BILL\Application Data\Mozilla\Firefox\Profiles\2c1wwf1j.default\searchplugins\safesearch.xml
    [2011/06/08 21:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\dN42900EmAlA42900

    :REG
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
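The reply above removes the same value from several HKU hives because an earlier fix had not reached all of them. As an added example (not part of the thread and not OTL's own code), this sketch compares the keys a scan log reports against the keys a fix script's :REG section deletes; the sample log and script are constructed and the function names are hypothetical.

```python
import re

VALUE = "XMLHTTP_UUID_Default"

# Constructed samples shaped like the OTL lines in this thread (bytes are placeholders).
SCAN = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 00 11 22 33 [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 00 11 22 33 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 00 11 22 33 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
FIX = r"""
:REG
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[hku\.default\software\microsoft\internet explorer\main]
"XMLHTTP_UUID_Default"=-
:Commands
[Reboot]
"""

SCAN_RE = re.compile(r"^\s*IE - (HK[^,]+),(.+?) = ")

def keys_in_scan(scan, value=VALUE):
    """Registry keys where the scan log reports the named value."""
    found = set()
    for line in scan.splitlines():
        m = SCAN_RE.match(line)
        if m and m.group(2).lower() == value.lower():
            found.add(m.group(1).upper())  # registry paths are case-insensitive
    return found

def keys_deleted_by_fix(fix, value=VALUE):
    """Keys whose value the :REG section deletes ("name"=- under a [key] header)."""
    deleted, section, key = set(), None, None
    for raw in fix.splitlines():
        line = raw.strip()
        if line.startswith(":"):  # section marker such as :REG or :Commands
            section, key = line.upper(), None
        elif section == ":REG" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif section == ":REG" and key and line.lower() == f'"{value.lower()}"=-':
            deleted.add(key)
    return deleted

def uncovered(scan, fix, value=VALUE):
    """Keys still carrying the value that the fix script does not delete."""
    return sorted(keys_in_scan(scan, value) - keys_deleted_by_fix(fix, value))
```

On the constructed input, `uncovered(SCAN, FIX)` reports the S-1-5-18 hive, the kind of leftover copy the reply above targets.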





