Google Redirect Won't Go Away


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I like everyone to leave here as a happy bunny :)

And at the rate that malware changes, caution is always a useful thing to have.


#17
mjwalters0716


    Member

  • Topic Starter
  • 12 posts
Here is the OTL Log from today as promised:

OTL logfile created on: 10/11/2011 10:52:24 AM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Michael\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.78 Gb Available Physical Memory | 63.18% Memory free
11.98 Gb Paging File | 9.62 Gb Available in Paging File | 80.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.32 Gb Total Space | 33.18 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 102.45 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 341.80 Gb Total Space | 80.18 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
Drive F: | 394.40 Gb Total Space | 23.35 Gb Free Space | 5.92% Space Free | Partition Type: NTFS
Drive G: | 341.80 Gb Total Space | 34.94 Gb Free Space | 10.22% Space Free | Partition Type: NTFS
Drive H: | 394.40 Gb Total Space | 7.51 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
Drive I: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VCHOMENET | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2011/10/05 09:04:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/01 17:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/01 23:27:50 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\steam.exe
PRC - [2011/07/12 17:48:23 | 000,288,280 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2011/07/12 17:48:23 | 000,218,648 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 09:04:54 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/01 21:29:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 22:00:28 | 014,410,024 | ---- | M] () -- E:\Steam\bin\libcef.dll
MOD - [2011/09/29 22:00:28 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll
MOD - [2011/09/29 22:00:28 | 000,190,248 | ---- | M] () -- E:\Steam\bin\chromehtml.dll
MOD - [2011/09/29 22:00:28 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll
MOD - [2011/09/29 22:00:28 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 20:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/12 04:09:58 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 02:43:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/15 13:38:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/12 01:32:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/07 21:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 19:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/14 11:57:01 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/14 11:57:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/17 15:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/09 14:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/21 18:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/06/26 09:45:14 | 000,362,496 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
DRV - [2010/03/13 12:58:52 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/12 02:24:05] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 76 19 AF 18 14 CB 01 [binary data]
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/07 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 09:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/13 21:51:23 | 000,000,000 | ---D | M]

[2010/04/11 21:27:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2011/10/07 19:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3pcn1rg6.default\extensions
[2011/07/13 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 04:15:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/07 15:39:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3PCN1RG6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011/10/05 09:04:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/01 04:15:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 09:04:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/10/10 10:43:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [oDesk Team] C:\Program Files (x86)\oDesk\oDeskTeam.exe (oDesk Corporation)
O4 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3316169067-378679097-3071490368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2228E5B4-283C-4B18-9A08-6E685799DDBD}: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED954E1E-9734-4080-997A-B0ECD040F76D}: DhcpNameServer = 68.87.76.182 68.87.78.134
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/12 01:39:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/30 22:03:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 10:48:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/10 10:43:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/10 10:07:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/08 14:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/08 13:39:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/08 13:39:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/08 13:39:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/08 13:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 13:37:40 | 004,251,069 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/08 13:26:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 19:13:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\GooredFix Backups
[2011/10/07 19:07:12 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/07 19:05:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 19:01:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/07 18:59:43 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/07 15:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/07 15:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - The Old Republic
[2011/10/02 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Crash Test Dummies (6 Albums)
[2011/10/02 23:01:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Hot Action Cop - Hot Action Cop
[2011/10/02 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\A Beautiful Mind Soundtrack
[2011/10/02 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Corpse Bride Soundtrack
[2011/10/01 21:30:07 | 000,000,000 | R--D | C] -- C:\Users\Michael\Dropbox
[2011/10/01 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/01 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ATI
[2011/09/30 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ATI
[2011/09/30 00:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/09/30 00:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/09/30 00:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/09/29 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/09/29 23:52:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/09/29 22:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/09/29 22:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/09/28 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\SWTOR
[2011/09/27 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAZ 3D
[2011/09/26 21:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Poser
[2011/09/26 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/09/26 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/09/26 21:41:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Poser 8 Content
[2011/09/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/09/19 01:31:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\RCT3
[2011/09/19 01:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
[2011/09/13 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/09/13 06:30:08 | 000,037,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 10:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 08:51:26 | 106,336,032 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/11 04:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/10 12:48:19 | 000,783,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/10 12:48:19 | 000,663,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/10 12:48:19 | 000,121,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/10 10:52:01 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 10:52:01 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 10:43:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/10 10:43:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 10:43:18 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 10:37:07 | 004,251,069 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2011/10/10 10:08:58 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/10 10:07:24 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2011/10/10 09:38:29 | 003,068,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/10 09:24:44 | 000,769,866 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/09 20:15:22 | 000,002,052 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/07 19:13:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2011/10/07 19:05:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael\Desktop\GooredFix.exe
[2011/10/07 18:59:44 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTM.exe
[2011/10/07 18:02:29 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2011/10/07 12:46:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\TDSSKiller.exe
[2011/10/05 18:33:46 | 000,328,971 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/01 21:30:07 | 000,001,042 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | M] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/22 15:57:35 | 000,437,695 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111007-174841.backup
[2011/09/19 01:31:42 | 000,001,089 | ---- | M] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | M] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[1 C:\Users\Michael\*.tmp files -> C:\Users\Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 10:08:58 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat
[2011/10/08 13:39:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/08 13:39:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/08 13:39:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/08 13:39:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/08 13:39:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/01 21:30:07 | 000,001,042 | ---- | C] () -- C:\Users\Michael\Desktop\Dropbox.lnk
[2011/10/01 21:27:25 | 000,001,022 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/30 00:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 13:22:17 | 000,000,644 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/09/27 01:39:45 | 000,002,518 | ---- | C] () -- C:\Users\Public\Desktop\Update Victoria 4 Base.lnk
[2011/09/26 21:42:09 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Poser 8.lnk
[2011/09/19 01:31:42 | 000,001,089 | ---- | C] () -- C:\Users\Michael\Desktop\RCT3plus - Shortcut.lnk
[2011/09/14 11:47:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/13 16:51:13 | 000,000,591 | ---- | C] () -- C:\Users\Public\Desktop\Trine.lnk
[2011/07/12 01:06:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/14 09:44:10 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/01/27 17:30:55 | 000,000,507 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/19 01:18:21 | 000,003,879 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Perfmon.PerfmonCfg
[2010/12/18 20:10:10 | 000,007,601 | -H-- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/10/05 18:24:34 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/05 18:24:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 13:38:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/15 13:38:15 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/15 13:38:15 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/13 22:10:43 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/11 18:25:27 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/25 10:09:14 | 000,011,776 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 04:31:24 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/02 02:51:19 | 000,221,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/05/01 03:31:38 | 000,769,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/12 08:47:02 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010/04/12 04:42:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/12 02:58:26 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/12 02:54:31 | 004,902,912 | ---- | C] () -- C:\Windows\SysWow64\qt-mt335.dll
[2010/04/11 22:56:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/11 22:37:03 | 000,121,753 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2010/04/11 18:37:03 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/28 00:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/06/12 08:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== LOP Check ==========

[2011/09/08 19:52:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.purple
[2011/09/19 01:31:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/04/12 03:54:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/10/07 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2012
[2011/10/10 09:40:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2010/09/04 03:31:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BoneTown
[2011/02/22 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Braid
[2010/06/08 14:06:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2010/09/06 23:59:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Chime
[2010/04/12 04:29:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/08/16 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ContentGuard
[2010/05/06 04:32:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cYo
[2011/01/28 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAZ 3D
[2011/05/18 13:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DisneyInteractiveStudios
[2011/10/10 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeAudioPack
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2011/04/29 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ice-pick Lodge
[2010/04/12 08:47:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImgBurn
[2011/07/11 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\jAlbum
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Juniper Networks
[2011/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/04/12 14:15:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LucasArts
[2011/05/27 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Luxology
[2010/06/28 12:10:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Need for Speed World
[2011/05/27 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2010/05/06 04:55:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PlayFirst
[2010/07/27 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Pmcc
[2011/09/26 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Poser
[2011/02/22 02:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RenPy
[2011/01/06 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rovio
[2011/03/10 17:17:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/11/24 23:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SEGA Corporation
[2011/03/10 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\The Creative Assembly
[2010/04/12 03:10:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thinstall
[2011/02/22 00:45:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\thriXXX
[2010/06/20 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Twilight
[2010/09/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2010/10/21 21:01:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WB Games
[2010/07/16 07:36:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2010/04/12 04:55:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2009/07/13 22:08:49 | 000,032,164 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good :) Any further problems?

#19
mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Not so far. Since yesterday I haven't had any additional tabs pop up on Firefox, no redirects on the Google searches, and AVG hasn't hit any new Blackhole Exploits.

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you may now do the cleanup :)

Enjoy and keep safe. Also, clean the Java cache on a regular basis or set the cache size to zero.

#21
mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
K, I followed the earlier cleaning instructions and OTL Cleanup got rid of everything but GooredFix and aswMBR. Can I delete these, or is there a better way to clean them up?

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just delete from the desktop as they do not install :)

#23
mjwalters0716

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sweet. That should be all then. Thanks for all your help. Hopefully I won't have to be messaging you anytime soon.

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - keep safe

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.