Security center service can't be started and Google redirects



#1
WimVB

Hi

I'm having the same problems as described in http://www.geekstogo...oogle-redirect/

I ran almost every virus scanner: AVG, MalwareBytes, Spybot, AdAware, Avast, Kaspersky, ... but nothing was found.

Here is my OTL log:


OTL logfile created on: 8/08/2011 13:32:00 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Wim.VanBuynder\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

4,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,10% Memory free
7,99 Gb Paging File | 5,84 Gb Available in Paging File | 73,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,50 Gb Total Space | 42,44 Gb Free Space | 43,09% Space Free | Partition Type: NTFS
Drive E: | 134,28 Gb Total Space | 120,01 Gb Free Space | 89,37% Space Free | Partition Type: NTFS

Computer Name: EQBEGNTN-WVA02 | User Name: Wim.VanBuynder | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/08 13:30:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Wim.VanBuynder\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/06 09:07:28 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Wim.VanBuynder\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wim.VanBuynder\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/22 20:06:08 | 012,021,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/15 15:09:56 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2010/12/15 15:09:56 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/22 02:24:52 | 000,596,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
PRC - [2010/05/03 08:35:41 | 000,136,768 | ---- | M] (NeoAccel, Inc.) -- C:\Windows\SysWOW64\NeoSrv.exe
PRC - [2009/11/11 15:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2007/11/21 04:15:08 | 003,293,184 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2005/07/21 12:15:14 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe
PRC - [2005/07/21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/08 13:30:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Wim.VanBuynder\Downloads\OTL.exe
MOD - [2011/07/04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 04:18:02 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2010/11/20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/14 03:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/14 03:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009/07/14 03:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/12/15 15:12:35 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2010/12/15 15:07:49 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/08 21:44:38 | 004,263,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe -- (DPMRA)
SRV:64bit: - [2010/04/08 21:39:52 | 000,483,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Data Protection Manager\DPM\bin\DPMClientService.exe -- (DPMClientService)
SRV:64bit: - [2009/07/30 18:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/15 15:09:56 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2010/05/03 08:35:41 | 000,136,768 | ---- | M] (NeoAccel, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\NeoSrv.exe -- (SSL VPN-Plus Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/07/21 12:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/04 13:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/15 15:13:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/15 15:13:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/15 15:13:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/15 15:13:16 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/15 15:12:35 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2010/12/15 15:09:57 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/15 15:09:36 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 15:07:49 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/01/13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/18 11:21:00 | 000,395,264 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/01 10:46:50 | 001,848,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 09:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/03 08:36:03 | 000,553,496 | ---- | M] (NeoAccel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NeoAccel.sys -- (NeoAccel)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/iat/us_be.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 F0 69 CB 5C 9C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wim.VanBuynder\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Wim.VanBuynder\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Wim.VanBuynder\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wim.VanBuynder\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wim.VanBuynder\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/05 12:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/02 10:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/02 10:03:57 | 000,000,000 | ---D | M]

[2010/12/16 14:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wim.VanBuynder\AppData\Roaming\mozilla\Extensions
[2011/08/03 10:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wim.VanBuynder\AppData\Roaming\mozilla\Firefox\Profiles\fuwlsrvm.default\extensions
[2011/03/23 11:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/16 15:13:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 15:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/07/19 15:47:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/22 02:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010/12/09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2010/01/01 10:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2010/01/01 10:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vandale-nl.xml
[2010/01/01 10:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2011/08/04 09:51:40 | 000,436,340 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15016 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DPMClientUI] c:\Program Files\Microsoft Data Protection Manager\DPM\bin\DPMClient.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Wim.VanBuynder\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Wim.VanBuynder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wim.VanBuynder\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\neonsp.2048.dll (NeoAccel, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: equazion.com ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: feedburner.com ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: sv-mc.com ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: sv-mc.com ([intranet] https in Local intranet)
O15 - HKCU\..Trusted Domains: equazion.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: feedburner.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sv-mc.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sv-mc.com ([intranet] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.2 195.130.131.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sv-mc.com
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Value error. - File not found
O20 - Winlogon\Notify\avldr: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 11:44:40 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011/08/05 17:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/05 12:00:49 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/05 12:00:49 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/05 12:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/05 12:00:47 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/05 12:00:47 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/05 12:00:47 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/05 12:00:47 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/05 12:00:47 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/05 12:00:31 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/05 12:00:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/05 12:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/05 12:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/05 11:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/05 11:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/05 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/08/05 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/08/05 10:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/05 10:24:53 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/05 10:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/05 10:22:06 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/05 10:21:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/05 10:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/05 10:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/04 21:12:03 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/08/04 13:11:44 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2011/08/03 15:35:52 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2011/08/03 15:35:24 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Local\Panda Security
[2011/08/03 15:26:55 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2011/08/03 15:26:48 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\Panda Security
[2011/08/03 15:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/08/03 15:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/08/03 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2011/08/02 14:38:13 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\Malwarebytes
[2011/08/02 14:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/02 14:38:00 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/02 14:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/02 14:24:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/02 14:06:45 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011/08/02 13:58:27 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\AVG10
[2011/08/02 13:57:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/02 13:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/02 13:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/08/02 13:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/02 13:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/02 13:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/02 13:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/02 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\Apple Computer
[2011/08/02 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Local\Apple Computer
[2011/08/02 10:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/02 10:05:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/08/02 10:05:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/08/02 10:05:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/08/02 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/02 10:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/02 10:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/02 10:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/08/02 10:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/02 10:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/02 10:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/02 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Local\Apple
[2011/08/02 10:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/08/02 10:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/02 10:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/02 10:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/02 10:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/02 10:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/07/12 11:34:00 | 000,212,840 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2010/12/15 15:15:25 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 13:29:40 | 000,807,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/08 13:29:40 | 000,684,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/08 13:29:40 | 000,126,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/08 13:29:19 | 000,000,576 | ---- | M] () -- C:\Windows\tasks\ScheduledDPMClientBackup.job
[2011/08/08 13:12:20 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2000478354-839522115-4311UA.job
[2011/08/08 13:04:53 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 13:04:53 | 000,020,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/08 12:57:19 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\HZIID.job
[2011/08/08 12:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/08 12:56:50 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 12:32:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-2000478354-839522115-4311UA.job
[2011/08/05 12:00:49 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/05 12:00:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/05 11:26:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/05 11:26:14 | 000,822,056 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 10:58:51 | 001,617,742 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/05 10:54:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1016989469-875065511-2398107558-1000UA.job
[2011/08/05 10:24:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/05 10:22:06 | 000,003,015 | ---- | M] () -- C:\Users\Wim.VanBuynder\Desktop\HiJackThis.lnk
[2011/08/05 10:21:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/05 09:32:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-2000478354-839522115-4311Core.job
[2011/08/04 13:54:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1016989469-875065511-2398107558-1000Core.job
[2011/08/04 09:51:40 | 000,436,340 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/03 15:39:11 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2011/08/03 11:59:57 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110804-095140.backup
[2011/08/03 10:23:53 | 000,001,456 | ---- | M] () -- C:\Users\Wim.VanBuynder\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/03 09:12:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-2000478354-839522115-4311Core.job
[2011/08/02 13:32:09 | 000,001,282 | ---- | M] () -- C:\Users\Wim.VanBuynder\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/02 13:29:16 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\mfc100kor2.dll
[2011/07/19 15:19:54 | 001,613,110 | ---- | M] () -- C:\Users\Wim.VanBuynder\Desktop\icon.psd
[2011/07/12 11:34:00 | 000,212,840 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/07/12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/07/12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/07/12 11:34:00 | 000,061,288 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/07/12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/07/12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 12:00:49 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/05 12:00:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/05 11:26:11 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/08/05 11:25:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/05 10:58:14 | 001,617,742 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/05 10:22:06 | 000,003,015 | ---- | C] () -- C:\Users\Wim.VanBuynder\Desktop\HiJackThis.lnk
[2011/08/05 10:21:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 15:38:47 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2011/08/02 13:32:09 | 000,001,282 | ---- | C] () -- C:\Users\Wim.VanBuynder\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/02 13:29:16 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\mfc100kor2.dll
[2011/08/02 13:29:16 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\HZIID.job
[2011/08/02 10:03:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/19 15:19:53 | 001,613,110 | ---- | C] () -- C:\Users\Wim.VanBuynder\Desktop\icon.psd
[2011/01/06 13:06:56 | 000,001,456 | ---- | C] () -- C:\Users\Wim.VanBuynder\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/20 10:19:55 | 000,843,776 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010/12/20 10:19:55 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2010/12/20 10:19:55 | 000,087,536 | ---- | C] () -- C:\Windows\SysWow64\qathlp.dll
[2010/12/20 10:19:55 | 000,064,480 | ---- | C] () -- C:\Windows\SysWow64\neolsp.2052.dll
[2010/12/15 23:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/15 17:16:15 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/15 16:33:13 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/15 16:05:52 | 000,822,056 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/15 15:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/12/15 15:25:16 | 000,062,180 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/15 15:15:25 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010/12/15 15:15:25 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/07/21 12:01:04 | 000,008,527 | ---- | C] () -- C:\Windows\SysWow64\MOMCounters.ini
[2005/07/21 12:01:04 | 000,005,295 | ---- | C] () -- C:\Windows\SysWow64\MomAgntCtrs.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >


Could somebody please help me out? Thanks in advance!

#2
RKinner


    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Uninstall:
* PC Tools
* Microsoft Security Client

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK





Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
[2010/12/16 15:13:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 15:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O4 - HKCU..\Run: [AdobeBridge] File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\neolsp.2052.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Value error. - File not found
O20 - Winlogon\Notify\avldr: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
[2011/08/02 13:29:16 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\mfc100kor2.dll
[2011/08/02 13:29:16 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\HZIID.job
[2011/08/02 13:58:27 | 000,000,000 | ---D | C] -- C:\Users\Wim.VanBuynder\AppData\Roaming\AVG10
[2011/08/02 13:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/02 13:57:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[RESETHOSTS]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

Download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe


:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Are you still getting redirected?

Ron
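
The fix script in post #2 lists mfc100kor2.dll and HZIID.job, the two entries in the log from post #1 that were created in the same second with hidden and system attributes and no company name. As an added example (not part of either post and not OTL's own logic), this Python script parses OTL file-listing lines and applies that triage rule; the rule, the `C:\Windows` scope and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Lines copied from the OTL log in post #1 (not constructed).
SAMPLE_LOG = r"""
[2011/08/05 12:00:49 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/02 13:29:16 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\mfc100kor2.dll
[2011/08/02 13:29:16 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\HZIID.job
[2010/12/15 15:25:16 | 000,062,180 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/08/05 10:24:53 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/02 13:57:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/15 15:15:25 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str    # four flags as printed by OTL, e.g. "RHS-" or "---D"
    kind: str     # "C" = created listing, "M" = modified listing
    company: str  # "" when the log shows "()" / "( )" or no company field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]


def needs_review(e: Entry, root: str = "c:\\windows\\") -> bool:
    """Assumed triage rule: a file (not a directory) with no company name,
    both Hidden and System set, located under the Windows directory."""
    return (
        not e.is_dir
        and not e.company
        and "H" in e.attrs
        and "S" in e.attrs
        and e.path.lower().startswith(root)
    )


def co_created(entries: list) -> dict:
    """Group flagged paths by timestamp so items dropped together stand out."""
    groups = defaultdict(list)
    for e in entries:
        if needs_review(e):
            groups[e.when].append(e.path)
    return dict(groups)


if __name__ == "__main__":
    for when, paths in co_created(parse_log(SAMPLE_LOG)).items():
        print(when, *paths, sep="\n  ")
```

A flagged entry is only a candidate for a closer look: hiberfil.sys and ntuser.pol carry the same attributes legitimately, which is why the rule is scoped by location and why the grouping by timestamp matters.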