Google redirects [Solved]


  • This topic is locked

#1
dnsaboutthis

When doing a Google search, anything but what was googled comes up. For instance, the Yellow Pages will come up or "koonzie". Press the back arrow and the screen will go blank with redirects written in the tab. Press the back arrow one more time and we're back to the original Google listings. Have run AVG anti-virus and Malwarebytes Anti-Malware with no success.

Any help will be greatly appreciated.


OTL logfile created on: 11/14/2011 6:16:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.58% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 42.11 Gb Free Space | 59.24% Space Free | Partition Type: NTFS

Computer Name: D6F65Q81 | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mark\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\Security.dll ()
MOD - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ses_cl.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ez54g.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll ()
MOD - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll ()
MOD - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSCSVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NCUpdateSvc) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (Netscape Communications Corporation)
SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsl8e220f74) -- File not found
DRV - (MpKsl233ffdf6) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5BFD06DA-DDBD-4031-93CE-05D097E2F757}\MpKsl233ffdf6.sys (Microsoft Corporation)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951) -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS (Juniper Networks)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)
DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)
DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)
DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)
DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd62fa51-e729-4de2-99a5-345b54c7c60e}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.14
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/10 15:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/20 08:59:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mark\Application Data\Move Networks [2009/11/08 08:17:17 | 000,000,000 | ---D | M]

[2011/11/14 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Extensions
[2010/11/27 16:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/14 16:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 20:38:44 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2011/06/13 06:08:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{dd62fa51-e729-4de2-99a5-345b54c7c60e}
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\searchplugins\Search_Results.xml
[2011/11/14 16:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 23:47:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/30 10:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/20 07:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/11/08 08:17:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOVE NETWORKS
[2011/11/04 08:08:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/10 15:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 23:47:08 | 000,025,560 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/11/10 23:47:08 | 000,140,760 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 23:47:11 | 000,067,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/07/15 16:43:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/07/15 16:43:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/07/08 12:02:13 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/07/08 12:02:13 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/07/08 12:02:13 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/07/08 12:02:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/07/08 12:02:13 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/07/08 12:02:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/07/08 12:02:13 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://remote.horme...fc.ad dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B911390-84EE-4E55-941F-AE9E06FFC283}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 10:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Local Settings\Application Data\Ilivid Player
[2011/11/14 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/11/11 12:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/10 01:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/27 05:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mark\Desktop\*.tmp files -> C:\Documents and Settings\mark\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 18:00:05 | 109,787,197 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/14 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/11/14 17:59:04 | 000,093,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/14 17:26:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 16:46:06 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/14 16:17:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/14 16:11:43 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 16:11:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 16:11:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/14 16:11:16 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 10:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/11 14:21:07 | 004,504,695 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/11/11 05:57:32 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2011/11/10 01:30:24 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/10 01:30:24 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/11/09 21:32:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/08 15:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/07 08:01:24 | 000,446,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 08:01:24 | 000,073,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 08:08:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mark\Desktop\*.tmp files -> C:\Documents and Settings\mark\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 16:46:06 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/11 14:20:50 | 004,504,695 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/11/10 01:30:24 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/10 01:30:24 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/10/27 05:28:35 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/08/26 21:15:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 10:12:14 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/10 08:10:10 | 000,000,631 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2010/04/10 09:51:06 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/04/10 09:07:57 | 000,118,668 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/04/10 09:07:57 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2010/01/07 01:11:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/07 00:48:10 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/11/09 09:45:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\housecall.guid.cache
[2009/04/27 09:52:03 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/31 20:36:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 22:18:14 | 000,030,505 | ---- | C] () -- C:\WINDOWS\SSSETUP.EXE
[2008/12/21 12:42:52 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 11:04:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\fusioncache.dat
[2008/11/11 14:27:06 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/11 14:27:06 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8528ED2272.sys
[2008/11/10 15:39:57 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2008/11/10 14:47:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/04 14:33:48 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JPR.{PB
[2008/11/04 14:33:48 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JCM.{PB
[2008/11/04 11:27:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2006/03/09 11:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/10/26 12:57:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 12:54:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/26 12:46:14 | 000,000,248 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 12:42:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/26 12:20:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/26 12:20:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/10/26 12:20:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,446,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,073,236 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/07/20 06:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/27 05:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/28 09:05:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/12/21 12:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/07/20 10:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/01 07:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/11/14 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/12/21 13:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/12/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/21 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/10 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/15 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/10/10 11:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/27 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/14 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/07/15 17:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/11/29 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\alot
[2010/12/08 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG
[2011/09/28 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG2012
[2009/01/17 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\DriverCure
[2009/05/27 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\ErrorFix
[2011/04/15 09:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Image Zone Express
[2011/06/01 07:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Juniper Networks
[2008/11/29 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Leadertech
[2010/12/21 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Nuance
[2011/10/10 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Sammsoft
[2010/11/21 10:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\SuperAdBlocker.com
[2011/04/15 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\TaxCut
[2011/11/14 16:17:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/14 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


#2
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, dnsaboutthis! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :yes:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)




Could you run the following two scans for me, then get back to me with the logs please...


1) OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2) Download aswMBR.exe (1.8mb) to your desktop.

  • Double click aswMBR.exe to run it.
  • If it asks to download the Avast definitions, just click No.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post it in your next reply.




In your next reply
Please post the contents of...
OTL log
aswMBR log


#3
dnsaboutthis


    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for the response, BlackOxide. Here are the requested scans.

OTL logfile created on: 11/16/2011 7:13:58 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 56.94% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 41.96 Gb Free Space | 59.03% Space Free | Partition Type: NTFS

Computer Name: D6F65Q81 | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 17:51:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\My Documents\Downloads\OTL.exe
PRC - [2011/11/10 23:47:09 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/04/21 13:26:38 | 005,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
PRC - [2005/07/04 15:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
PRC - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 23:47:10 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/12 19:51:55 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/09/02 07:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\Security.dll
MOD - [2005/02/24 19:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ses_cl.dll
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/09/29 14:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ez54g.dll
MOD - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 15:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 15:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 15:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2003/06/08 18:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
MOD - [2002/04/23 23:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSCSVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)
SRV - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/11/16 06:27:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3261A6-1CC1-4E0E-9CD0-3CC211DF7F24}\MpKsl535359cd.sys -- (MpKsl535359cd)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/09 07:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 12:43:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/07/07 09:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 07:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/02 12:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 07:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 07:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 07:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]

IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd62fa51-e729-4de2-99a5-345b54c7c60e}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.14
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/20 08:59:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mark\Application Data\Move Networks [2009/11/08 08:17:17 | 000,000,000 | ---D | M]

[2011/11/14 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Extensions
[2011/11/15 09:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 20:38:44 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2011/06/13 06:08:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{dd62fa51-e729-4de2-99a5-345b54c7c60e}
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\searchplugins\Search_Results.xml
[2011/11/15 09:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 10:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/20 07:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/11/08 08:17:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOVE NETWORKS
[2011/11/04 08:08:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/10 15:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://remote.horme...fc.ad dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B911390-84EE-4E55-941F-AE9E06FFC283}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 09:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/15 01:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/15 01:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/15 01:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/14 23:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/11/14 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/11/14 10:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Local Settings\Application Data\Ilivid Player
[2011/11/14 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/11/11 12:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/10/27 05:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/16 07:16:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/16 06:26:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/15 21:06:02 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/11/15 18:16:05 | 109,857,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/15 18:15:04 | 000,118,778 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/15 15:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/15 12:02:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/15 11:56:50 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/15 11:56:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 11:56:40 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 10:38:06 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2011/11/15 10:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/15 09:17:43 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/15 09:17:43 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/11/15 01:29:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/15 01:29:15 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\NTREGOPT.lnk
[2011/11/15 01:29:15 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\ERUNT.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:09 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/14 16:11:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 14:21:07 | 004,504,695 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/11/09 21:32:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 08:01:24 | 000,446,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 08:01:24 | 000,073,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 08:08:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/16 07:16:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/15 09:17:43 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/15 09:17:43 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/11/15 01:29:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/15 01:29:15 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\NTREGOPT.lnk
[2011/11/15 01:29:15 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\ERUNT.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:08 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/11 14:20:50 | 004,504,695 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/10/27 05:28:35 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/08/26 21:15:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 10:12:14 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/10 08:10:10 | 000,000,631 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2010/04/10 09:51:06 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/04/10 09:07:57 | 000,118,668 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/04/10 09:07:57 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2010/01/07 01:11:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/07 00:48:10 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/11/09 09:45:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\housecall.guid.cache
[2009/04/27 09:52:03 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/31 20:36:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 22:18:14 | 000,030,505 | ---- | C] () -- C:\WINDOWS\SSSETUP.EXE
[2008/12/21 12:42:52 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 11:04:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\fusioncache.dat
[2008/11/11 14:27:06 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/11 14:27:06 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8528ED2272.sys
[2008/11/10 15:39:57 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2008/11/10 14:47:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/04 14:33:48 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JPR.{PB
[2008/11/04 14:33:48 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JCM.{PB
[2008/11/04 11:27:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2006/03/09 11:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/10/26 12:57:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 12:54:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/26 12:46:14 | 000,000,248 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 12:42:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/26 12:20:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/26 12:20:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/10/26 12:20:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,446,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,073,236 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/07/20 06:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/27 05:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/28 09:05:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/12/21 12:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/07/20 10:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/01 07:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/11/15 18:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/12/21 13:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/12/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/21 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/10 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/15 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/11/16 06:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/27 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/14 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/07/15 17:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/12/01 10:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance
[2010/11/27 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/29 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\alot
[2010/12/08 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG
[2011/09/28 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG2012
[2009/01/17 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\DriverCure
[2009/05/27 11:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\ErrorFix
[2011/04/15 09:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Image Zone Express
[2011/06/01 07:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Juniper Networks
[2008/11/29 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Leadertech
[2010/12/21 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Nuance
[2011/10/10 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Sammsoft
[2010/11/21 10:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\SuperAdBlocker.com
[2011/04/15 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\TaxCut
[2008/12/12 15:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Nuance
[2011/11/15 12:02:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/15 21:06:02 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-16 07:14:46
-----------------------------
07:14:46.088 OS Version: Windows 5.1.2600 Service Pack 3
07:14:46.088 Number of processors: 1 586 0x401
07:14:46.088 ComputerName: D6F65Q81 UserName: mark
07:14:47.760 Initialize success
07:15:21.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:15:21.963 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
07:15:24.010 Disk 0 MBR read successfully
07:15:24.010 Disk 0 MBR scan
07:15:24.010 Disk 0 unknown MBR code
07:15:24.026 Disk 0 scanning sectors +156232125
07:15:24.120 Disk 0 scanning C:\WINDOWS\system32\drivers
07:15:46.979 Service scanning
07:15:50.370 Service MpKsl535359cd c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF3261A6-1CC1-4E0E-9CD0-3CC211DF7F24}\MpKsl535359cd.sys **LOCKED** 32
07:15:51.104 Modules scanning
07:16:31.932 Disk 0 trace - called modules:
07:16:31.948 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
07:16:31.948 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a75dab8]
07:16:31.948 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a75eb00]
07:16:32.354 Scan finished successfully
07:16:48.010 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mark\Desktop\MBR.dat"
07:16:48.026 The log file has been saved successfully to "C:\Documents and Settings\mark\Desktop\aswMBR.txt"
  • 0

#4
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Let's now start removing the malware found in the OTL log. Just follow the steps below. If you have any difficulties, just let me know.


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
    IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
    FF - prefs.js..extensions.enabledItems: {dd62fa51-e729-4de2-99a5-345b54c7c60e}:1.0
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
    [2011/06/13 06:08:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{dd62fa51-e729-4de2-99a5-345b54c7c60e}
    [2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\searchplugins\Search_Results.xml
    [2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    [2008/11/29 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\alot
    
    :Services
    
    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
You do appear to be running two Anti Virus programs, AVG 2012 and Microsoft Security Essentials.

With Anti-Virus programs I would highly recommend only having one installed at any given time :)

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

To uninstall one of the two, just go into Control Panel, then Add or Remove programs, select the one you wish to uninstall and click Remove.




3)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply
Please post the contents of...
OTL log
MBAM log

  • 0
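One way to check the follow-up Quick Scan log against the fix script from step 1, as an added example that is not part of BlackOxide's post or of OTL itself. It assumes, as in the post, that lines under :OTL are copied from a scan log, and it compares files by path only because timestamps change between scans; the function names and the two follow-up log excerpts are constructed for illustration.

```python
import re

# Abbreviated copy of the fix script posted above (entries taken from the page).
FIX_SCRIPT = r"""
:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A A5 62 0F D4 C8 92 47 81 F8 E8 27 18 5E FD 7C [binary data]
FF - prefs.js..extensions.enabledItems: {dd62fa51-e729-4de2-99a5-345b54c7c60e}:1.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
[2011/11/14 10:31:58 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2008/11/29 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\alot

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Commands
[emptytemp]
[Reboot]
"""

# Constructed excerpt of a follow-up scan in which every target is gone.
CLEAN_LOG = r"""
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.14
[2011/07/20 20:38:44 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
"""

# Constructed excerpt in which two targets survived (note the changed folder timestamp).
DIRTY_LOG = CLEAN_LOG + r"""
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
[2011/11/16 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\alot
"""

FILE_RE = re.compile(r"^\[\d{4}/\d\d/\d\d [^\]]*\]\s*(?:\(.*?\)\s*)?--\s*(.+)$")
REG_RE = re.compile(r"^IE - (HK[^,]+),(.+?) = ")
PREF_RE = re.compile(r"^FF - prefs\.js\.\.([^:]+):\s*(.+)$")


def target_key(line):
    """Reduce a log line to a comparison key that ignores volatile fields."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:  # file or folder: compare by path, not by timestamp or size
        return ("path", m.group(1).strip().lower())
    m = REG_RE.match(line)
    if m:  # registry value: compare by key and value name, not by data
        return ("reg", m.group(1).lower(), m.group(2).lower())
    m = PREF_RE.match(line)
    if m:  # Firefox pref: name plus value, since enabledItems repeats the name
        return ("pref", m.group(1).lower(), m.group(2).strip().strip('"'))
    return None


def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks (lower-cased names)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r":\w+", line):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fix_targets(text):
    """Collect everything the script asks to remove, as comparison keys."""
    sections = parse_fix_script(text)
    targets = {k for k in map(target_key, sections.get("otl", [])) if k}
    key = None
    for line in sections.get("reg", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.endswith("=-"):  # 'name=-' marks a value for deletion
            targets.add(("reg", key, line[:-2].strip().strip('"').lower()))
    return targets


def remaining(fix_text, log_text):
    """Return (kind, log line) for each fix target still present in a later log."""
    targets = fix_targets(fix_text)
    hits = []
    for line in log_text.splitlines():
        key = target_key(line)
        if key in targets:
            hits.append((key[0], line.strip()))
    return hits


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        left = remaining(FIX_SCRIPT, log)
        print(name, "->", "all targets gone" if not left else left)
```
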

#5
dnsaboutthis


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
BlackOxide, so far so good. Thank you!

OTL logfile created on: 11/16/2011 3:04:34 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.58% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 42.35 Gb Free Space | 59.59% Space Free | Partition Type: NTFS

Computer Name: D6F65Q81 | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 17:51:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\My Documents\Downloads\OTL.exe
PRC - [2011/11/10 23:47:09 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/04/21 13:26:38 | 005,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
PRC - [2005/07/04 15:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
PRC - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 23:47:10 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/07/12 19:51:55 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2005/09/02 07:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\Security.dll
MOD - [2005/02/24 19:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ses_cl.dll
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/11/08 13:41:44 | 000,219,136 | ---- | M] () -- C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
MOD - [2004/09/29 14:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ez54g.dll
MOD - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 15:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 15:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 15:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2003/06/08 18:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
MOD - [2002/04/23 23:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSCSVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)
SRV - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/11/16 15:05:24 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/16 14:55:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\MpEngineStore\MpKslcf1e567d.sys -- (MpKslcf1e567d)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/09 07:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 12:43:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/07/07 09:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 07:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/02 12:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 07:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 07:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 07:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.14
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/20 08:59:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mark\Application Data\Move Networks [2009/11/08 08:17:17 | 000,000,000 | ---D | M]

[2011/11/14 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Extensions
[2011/11/16 14:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 20:38:44 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/11/16 14:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 10:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/20 07:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/11/08 08:17:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOVE NETWORKS
[2011/11/04 08:08:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/10 15:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/20 08:59:42 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/16 14:08:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://remote.horme...fc.ad dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B911390-84EE-4E55-941F-AE9E06FFC283}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 14:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/11/16 14:08:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 09:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/15 01:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/15 01:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/15 01:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/14 23:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/11/14 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/11/14 10:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Local Settings\Application Data\Ilivid Player
[2011/11/14 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/11/11 12:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/10/27 05:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

========== Files - Modified Within 30 Days ==========

[2011/11/16 14:58:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/16 14:52:34 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/16 14:52:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 14:52:06 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/16 14:37:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 14:26:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/16 14:08:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/16 10:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/16 09:00:13 | 109,888,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/16 07:16:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/15 21:06:02 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/11/15 18:15:04 | 000,118,778 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/15 15:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/15 10:38:06 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2011/11/15 09:17:43 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/15 09:17:43 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/11/15 01:29:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/15 01:29:15 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\NTREGOPT.lnk
[2011/11/15 01:29:15 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\ERUNT.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:09 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/14 16:11:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 14:21:07 | 004,504,695 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/11/09 21:32:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 08:01:24 | 000,446,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 08:01:24 | 000,073,236 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 08:08:59 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

========== Files Created - No Company Name ==========

[2011/11/16 07:16:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/15 09:17:43 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/15 09:17:43 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Spybot - Search & Destroy.lnk
[2011/11/15 01:29:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/15 01:29:15 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\NTREGOPT.lnk
[2011/11/15 01:29:15 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\ERUNT.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:08 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/11 14:20:50 | 004,504,695 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/10/27 05:28:35 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/08/26 21:15:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 10:12:14 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/10 08:10:10 | 000,000,631 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2010/04/10 09:51:06 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/04/10 09:07:57 | 000,118,668 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/04/10 09:07:57 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2010/01/07 01:11:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/07 00:48:10 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/11/09 09:45:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\housecall.guid.cache
[2009/04/27 09:52:03 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/31 20:36:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 22:18:14 | 000,030,505 | ---- | C] () -- C:\WINDOWS\SSSETUP.EXE
[2008/12/21 12:42:52 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 11:04:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\fusioncache.dat
[2008/11/11 14:27:06 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/11 14:27:06 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8528ED2272.sys
[2008/11/10 15:39:57 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2008/11/10 14:47:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/04 14:33:48 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JPR.{PB
[2008/11/04 14:33:48 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JCM.{PB
[2008/11/04 11:27:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2006/03/09 11:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/10/26 12:57:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 12:54:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/26 12:46:14 | 000,000,248 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 12:42:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/26 12:20:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/26 12:20:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/10/26 12:20:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,446,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,073,236 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/07/20 06:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/27 05:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/28 09:05:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/12/21 12:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/07/20 10:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/01 07:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/11/16 09:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/12/21 13:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/12/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/21 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/10 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/15 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/11/16 06:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/27 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/14 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/07/15 17:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/12/01 10:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance
[2010/11/27 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/12/08 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG
[2011/09/28 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG2012
[2009/01/17 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\DriverCure
[2011/04/15 09:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Image Zone Express
[2011/06/01 07:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Juniper Networks
[2008/11/29 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Leadertech
[2010/12/21 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Nuance
[2011/10/10 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Sammsoft
[2010/11/21 10:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\SuperAdBlocker.com
[2011/04/15 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\TaxCut
[2008/12/12 15:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Nuance
[2011/11/16 14:58:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/15 21:06:02 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/16/2011 2:49:16 PM
mbam-log-2011-11-16 (14-49-16).txt

Scan type: Quick scan
Objects scanned: 182388
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 252

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\mark\application data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\02000000c5698dbd1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c5698dbd1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c5698dbd1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c5698dbd1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Logs\2009-05-27 12-28-170.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Logs\2009-05-27 12-35-100.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\filelist.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-0.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-1.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-230.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-231.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-232.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-233.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-234.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-235.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-236.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-237.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-238.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-239.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\quarantinew\2009-05-27 12-32-400\regb-24.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
c:\documents and settings\mark\application data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.

#6
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
:)

Looking much better now. Let's just run a scan with Kaspersky to see if it comes across any others still lingering.

After you have done the following scan, if you could just give me an update as to how the PC is running now and whether you are still being redirected.



Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed.
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
  • Then click on Actions on the left hand side
  • Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.


#7
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Reopened Topic.

Could you do the Kaspersky scan above, if you haven't already done so please. Make sure you re-download Kaspersky if you have an old copy, as it is constantly being updated. Then could you do a scan with OTL using the instructions below.



OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



In your next reply
Please post the contents of...
Kaspersky log
OTL log
Update on how the PC is behaving


#9
dnsaboutthis


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for re-opening this topic. No Kaspersky log to submit as I had to run it twice and didn't save the first log. I have a log from Nov. 17 but every time I try to include or attach it Firefox crashes (tried 3 times). The Google redirect issue has been solved. Thank you so much for that!

OTL logfile created on: 12/8/2011 5:42:00 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.25% Memory free
3.85 Gb Paging File | 2.72 Gb Available in Paging File | 70.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 23.85 Gb Free Space | 33.56% Space Free | Partition Type: NTFS

Computer Name: D6F65Q81 | User Name: mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 22:22:37 | 000,717,296 | ---- | M] () -- C:\Documents and Settings\mark\Local Settings\Temp\RarSFX0\4822591.exe
PRC - [2011/12/08 22:22:32 | 000,457,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\mark\Local Settings\Temp\9488678\4822591.exe
PRC - [2011/12/08 13:35:02 | 105,061,144 | ---- | M] () -- C:\Documents and Settings\mark\My Documents\Downloads\setup_11.0.0.1245.x01_2011_12_08_22_20.exe
PRC - [2011/11/14 17:51:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark\My Documents\Downloads\OTL.exe
PRC - [2011/11/10 23:47:09 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/04/21 13:26:38 | 005,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
PRC - [2005/07/04 15:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
PRC - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/04 04:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe
PRC - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 22:22:37 | 000,717,296 | ---- | M] () -- C:\Documents and Settings\mark\Local Settings\Temp\RarSFX0\4822591.exe
MOD - [2011/12/08 13:35:02 | 105,061,144 | ---- | M] () -- C:\Documents and Settings\mark\My Documents\Downloads\setup_11.0.0.1245.x01_2011_12_08_22_20.exe
MOD - [2011/12/05 18:16:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 23:47:10 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/09/02 07:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\Security.dll
MOD - [2005/02/24 19:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ses_cl.dll
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/11/08 13:41:44 | 000,219,136 | ---- | M] () -- C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
MOD - [2004/09/29 14:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\ez54g.dll
MOD - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 15:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 15:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 15:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2003/06/08 18:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 16:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
MOD - [2002/04/23 23:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\GEMWEP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54GSCSVC)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/02/10 16:54:38 | 000,139,264 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)
SRV - [2004/05/24 11:35:52 | 000,322,104 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2004/04/07 11:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl0293c6a4)
DRV - File not found [File_System | Unknown | Running] -- -- (4822591drv)
DRV - [2011/12/08 22:20:44 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\54377078.sys -- (54377078)
DRV - [2011/12/08 17:17:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B81153DE-7EA8-45B9-8A89-88CFDC875510}\MpKsl701fbfeb.sys -- (MpKsl701fbfeb)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/09 07:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 12:43:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/07/07 09:27:28 | 000,070,070 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/07/07 07:55:12 | 000,152,049 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/02 12:19:00 | 000,038,705 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/05/20 07:41:54 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 07:39:42 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 07:21:10 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.3.2.14
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mark\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 23:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/20 08:59:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mark\Application Data\Move Networks [2009/11/08 08:17:17 | 000,000,000 | ---D | M]

[2011/11/14 16:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Extensions
[2011/12/08 12:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 20:38:44 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/11/28 05:49:18 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\mark\Application Data\Mozilla\Firefox\Profiles\wr3mwzbn.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/08 12:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 10:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/20 07:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/19 08:11:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/11/08 08:17:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOVE NETWORKS
[2011/11/04 08:08:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/10 15:40:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/07/20 08:59:42 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/16 14:08:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\mark\Start Menu\Programs\Startup\_uninst_54377078.lnk = C:\Documents and Settings\mark\Local Settings\Temp\_uninst_54377078.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://remote.horme...fc.ad dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B911390-84EE-4E55-941F-AE9E06FFC283}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67c9945f-f686-11df-9a13-001839106bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2021469330-4144991236-999120168-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 13:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/08 13:35:46 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54377078.sys
[2011/12/07 16:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/05 17:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/05 17:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/30 00:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\WINDOWS
[2011/11/17 10:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/16 14:08:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 01:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/14 23:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/11/14 23:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/11/14 10:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark\Local Settings\Application Data\Ilivid Player
[2011/11/14 10:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}

========== Files - Modified Within 30 Days ==========

[2011/12/08 22:20:44 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\54377078.sys
[2011/12/08 17:49:53 | 111,684,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/08 17:26:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 13:37:39 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\_uninst_54377078.lnk
[2011/12/08 10:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/08 07:21:10 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/12/08 02:26:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 16:17:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/05 17:15:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/05 17:08:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 17:08:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 17:08:37 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 15:33:01 | 000,000,043 | ---- | M] () -- C:\END
[2011/12/05 07:22:32 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2011/11/30 08:03:50 | 000,063,488 | ---- | M] () -- C:\WINDOWS\xobglu16.dll
[2011/11/30 08:03:50 | 000,023,552 | ---- | M] () -- C:\WINDOWS\xobglu32.dll
[2011/11/29 15:01:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/25 09:12:11 | 000,158,517 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/22 09:36:50 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/19 07:00:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/17 17:55:40 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Shortcut to setup_11.0.0.1245.x01_2011_11_18_01_58.exe.lnk
[2011/11/17 09:05:31 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/16 14:37:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/16 14:08:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/16 07:16:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/15 01:29:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:09 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/11 14:21:07 | 004,504,695 | ---- | M] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf

========== Files Created - No Company Name ==========

[2011/12/08 13:37:39 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\_uninst_54377078.lnk
[2011/12/07 16:17:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/05 15:32:59 | 000,000,043 | ---- | C] () -- C:\END
[2011/11/30 08:03:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2011/11/30 08:03:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2011/11/17 17:55:40 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Shortcut to setup_11.0.0.1245.x01_2011_11_18_01_58.exe.lnk
[2011/11/16 07:16:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\MBR.dat
[2011/11/15 01:29:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\mark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/14 23:53:54 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\SpywareBlaster.lnk
[2011/11/14 23:16:08 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\mark\My Documents\redirecxt fix.rtf
[2011/11/14 16:46:06 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\Internet.lnk
[2011/11/11 14:20:50 | 004,504,695 | ---- | C] () -- C:\Documents and Settings\mark\Desktop\DCRTRV140.pdf
[2011/08/26 21:15:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 10:12:14 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/10 08:10:10 | 000,000,631 | ---- | C] () -- C:\WINDOWS\EReg213.dat
[2010/04/10 09:51:06 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2010/04/10 09:07:57 | 000,118,668 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2010/04/10 09:07:57 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2010/01/07 01:11:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/07 00:48:10 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/11/09 09:45:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\housecall.guid.cache
[2009/04/27 09:52:03 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/01/31 20:36:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 22:18:14 | 000,030,505 | ---- | C] () -- C:\WINDOWS\SSSETUP.EXE
[2008/12/21 12:42:52 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 11:04:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\mark\Local Settings\Application Data\fusioncache.dat
[2008/11/11 14:27:06 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/11 14:27:06 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8528ED2272.sys
[2008/11/10 15:39:57 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\SAS7_000.DAT
[2008/11/10 14:47:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/11/04 14:33:48 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JPR.{PB
[2008/11/04 14:33:48 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\mark\Application Data\PFP120JCM.{PB
[2008/11/04 11:27:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2006/03/09 11:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/10/26 12:57:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 12:54:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/26 12:46:14 | 000,000,248 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 12:42:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/26 12:20:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/26 12:20:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/10/26 12:20:22 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,446,414 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,073,236 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2011/07/20 06:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/27 05:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/28 09:05:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/17 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/12/21 12:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/07/20 10:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/01 07:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/12/08 17:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/12/21 13:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/12/21 12:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/21 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/10 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/15 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/11/16 06:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/27 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/14 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011/07/15 17:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/12/01 10:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Nuance
[2010/11/27 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/12/08 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG
[2011/09/28 08:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\AVG2012
[2009/01/17 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\DriverCure
[2011/12/05 08:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Image Zone Express
[2011/06/01 07:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Juniper Networks
[2008/11/29 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Leadertech
[2010/12/21 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Nuance
[2011/10/10 11:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\Sammsoft
[2010/11/21 10:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\SuperAdBlocker.com
[2011/04/15 14:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark\Application Data\TaxCut
[2008/12/12 15:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Nuance
[2011/12/05 17:15:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/08 07:21:10 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#10
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, good to hear the redirects have stopped. Your OTL log looks good. Can you remember with the Kaspersky scan whether it found any infections or not?


Could you do the following scan for me please:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0



#11
dnsaboutthis


    New Member

  • Topic Starter
  • Member
  • 8 posts
Sorry, I do not remember if the Kaspersky scan found any infections or not. I want to say yes but have no further information. Thanks again for the help.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 156):

Processes (total 53):
0 System Idle Process
4 System
740 C:\WINDOWS\system32\smss.exe
788 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
820 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
1036 csrss.exe
1064 C:\WINDOWS\system32\winlogon.exe
1112 C:\WINDOWS\system32\services.exe
1124 C:\WINDOWS\system32\lsass.exe
1292 C:\WINDOWS\system32\svchost.exe
1340 svchost.exe
1380 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1420 C:\WINDOWS\system32\svchost.exe
1556 svchost.exe
1716 svchost.exe
1952 C:\WINDOWS\explorer.exe
224 C:\WINDOWS\system32\spoolsv.exe
348 svchost.exe
400 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
440 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
536 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
1044 C:\Program Files\Java\jre6\bin\jqs.exe
584 C:\WINDOWS\system32\drivers\KodakCCS.exe
1544 C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
1540 C:\WINDOWS\system32\svchost.exe
1660 C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
2244 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
2440 C:\Program Files\AVG\AVG2012\avgnsx.exe
2472 C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
3864 alg.exe
4048 C:\Program Files\Analog Devices\Core\smax4pnp.exe
528 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1468 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1236 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2124 C:\WINDOWS\system32\hkcmd.exe
1820 C:\WINDOWS\system32\igfxpers.exe
1548 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1916 C:\WINDOWS\PixArt\PAC7302\Monitor.exe
1116 C:\Program Files\iTunes\iTunesHelper.exe
3976 C:\Program Files\Microsoft Security Client\msseces.exe
2560 C:\Program Files\AVG\AVG2012\avgtray.exe
3320 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3688 C:\WINDOWS\system32\ctfmon.exe
2120 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2600 C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
2916 C:\Program Files\iPod\bin\iPodService.exe
624 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2932 C:\WINDOWS\system32\freecell.exe
764 C:\WINDOWS\system32\HPZipm12.exe
3348 C:\Program Files\Mozilla Firefox\firefox.exe
1972 C:\Program Files\Mozilla Firefox\plugin-container.exe
10148 C:\Documents and Settings\mark\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75JHC0, Rev: 06.01C06

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E66C176942DF42CCFE7A0113EAFF39E82F8B0047


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok no worries on the Kaspersky scan. At least if it did find anything, it should have removed them ;)

Can you do a scan with your Anti Virus software please? Let me know if any infections are found please. Then, could you run the following scan with Security Check please?


  • Download Security Check from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#13
dnsaboutthis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My anti-virus scan (AVG 2012) didn't find anything. The Security Check scan is below. Thank you again.

Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox ((3.6.24)) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#14
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Great, overall your logs are looking good :)

Let's just get some of the programs on your PC updated to their latest versions. Just click on the names below to download them. Once downloaded, just double click and follow the onscreen prompts to install them.

Internet Explorer 8.0
Adobe Reader 10.1.1
Mozilla Firefox 8.0.1

Could you please uninstall the following programs (if visible):
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Java 2 Runtime Environment, SE v1.4.2_03
  • Adobe Flash Player 9

Let me know how you get on with the above :)

#15
dnsaboutthis

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything went well with the program updates and removal. Thank you very much.