Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search results redirect to unrelated sites [Closed]

Started by bandana1948 , Apr 05 2012 09:26 AM

  • This topic is locked This topic is locked

#1
bandana1948
Posted 05 April 2012 - 09:26 AM

bandana1948

    New Member

  • Member
  • Pip
  • 1 posts
The problem: I use Google to search for something, and get a list of results. But when I click on one of the results, I am redirected to an altogether different site. I have avast! installed on my computer, and it blocks some of the pages to which I am redirected, usually with a warning that the page has been blocked because it was considered a security threat.

I acquired this malware yesterday when I was browsing the internet. I restored the computer to a previous point in time - but the persists. Please help, and thanks for your time. It is much appreciated. OTL log is pasted below.




OTL logfile created on: 4/5/2012 9:52:38 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\DELL\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.77% Memory free
7.87 Gb Paging File | 6.08 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 179.75 Gb Free Space | 63.43% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 09:51:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\DELL\Downloads\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/18 09:57:03 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\DELL\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/04/22 07:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/21 17:07:46 | 000,497,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2009/07/21 17:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2007/02/22 19:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/03/18 09:57:03 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 09:18:38 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 20:07:53 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
MOD - [2012/02/16 20:04:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 20:04:15 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/16 20:03:59 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 20:03:52 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/16 20:03:49 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/16 20:03:38 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/16 20:03:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 20:03:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 20:03:25 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/20 08:48:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2005/07/30 22:00:40 | 000,114,688 | ---- | M] () -- C:\WINDOWS\SysWOW64\OdiOlDVR.dll
MOD - [2004/06/21 11:14:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\SysWOW64\OdiAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/26 13:40:33 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/08 16:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/20 03:36:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/21 17:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/07/13 20:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Unknown] -- C:\WINDOWS\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/08 16:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/09/29 14:20:06 | 000,022,528 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VNUSB.sys -- (VNUSB)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 23:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/25 04:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 03:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 03:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 17:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\packet.sys -- (Packet)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Unknown] -- C:\WINDOWS\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/10 17:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\SysWOW64\drivers\packet.sys -- (Packet)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DA0F5D76-A21C-4D00-9320-CEED833BE6F1}
IE:64bit: - HKLM\..\SearchScopes\{DA0F5D76-A21C-4D00-9320-CEED833BE6F1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {FDB4CE72-7D29-47C1-91AA-7CB95A6B948C}
IE - HKLM\..\SearchScopes\{FDB4CE72-7D29-47C1-91AA-7CB95A6B948C}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKCU\..\SearchScopes,DefaultScope = {FDB4CE72-7D29-47C1-91AA-7CB95A6B948C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pregnolog...y=22&year=2012"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DELL\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DELL\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/05 00:52:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/09 12:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 09:57:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/22 11:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/03/01 20:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/11/13 00:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Extensions
[2011/10/21 16:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/13 00:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/26 10:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\cn04bc2i.default\extensions
[2012/01/07 18:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CN04BC2I.DEFAULT\EXTENSIONS\{861D02EF-6FD9-4CE1-954A-90EE3A4DE31C}.XPI
[2012/03/18 09:57:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/14 07:07:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/14 07:07:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Adobe] C:\Users\DELL\AppData\Local\Adobe\rkvhadps.dll (Macrovision Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\DELL\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3DA601-B78C-4B83-8C65-6C9EAECA6B5D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{756102df-fb20-11e0-a15a-0026b9108a80}\Shell - "" = AutoRun
O33 - MountPoints2\{756102df-fb20-11e0-a15a-0026b9108a80}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 09:26:23 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\adaware
[2012/04/05 09:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/05 09:26:16 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/04/05 09:26:16 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2012/04/05 09:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/05 09:26:10 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/05 09:26:08 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/05 09:25:58 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/05 09:25:57 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/05 09:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/05 09:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/04/05 09:25:12 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Ad-Aware Antivirus
[2012/04/05 09:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/05 09:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/03/15 22:32:51 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\Google
[2012/03/15 11:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/03/15 11:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/03/15 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/15 11:12:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/15 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/15 11:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/03/15 11:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/12 16:54:05 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Genealogy

========== Files - Modified Within 30 Days ==========

[2012/04/05 09:42:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2834827658-3742435415-618867808-1001UA.job
[2012/04/05 09:39:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 09:39:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 09:32:51 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/05 09:31:33 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/05 09:31:09 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/04/05 09:31:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/05 09:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/05 09:30:22 | 3168,419,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 09:29:11 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/05 09:29:11 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/05 09:29:11 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/05 09:12:53 | 000,002,095 | ---- | M] () -- C:\Users\DELL\Desktop\HijackThis.lnk
[2012/04/05 00:57:15 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/05 00:57:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/03 14:42:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2834827658-3742435415-618867808-1001Core.job
[2012/04/03 14:10:09 | 000,000,000 | ---- | M] () -- C:\Users\DELL\Desktop\LOG
[2012/04/02 07:48:23 | 000,003,188 | ---- | M] () -- C:\Users\DELL\Desktop\OF_US_IB Keycard - Shortcut.lnk
[2012/04/01 20:42:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/01 18:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/04/01 09:58:53 | 000,107,547 | ---- | M] () -- C:\Users\DELL\Desktop\2012 Dissertation Announce-Social Sciences-2.pdf
[2012/03/26 22:38:16 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\TradeLog9.lnk
[2012/03/26 07:39:31 | 324,381,986 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/24 19:10:04 | 000,003,046 | ---- | M] () -- C:\Users\DELL\Desktop\Gaya_BP - Shortcut.lnk
[2012/03/22 11:24:49 | 000,356,352 | ---- | M] () -- C:\Users\DELL\Documents\Database2.accdb
[2012/03/22 11:23:57 | 002,359,296 | ---- | M] () -- C:\Users\DELL\Documents\Assets.accdb
[2012/03/22 11:13:16 | 000,352,256 | ---- | M] () -- C:\Users\DELL\Documents\Database1.accdb
[2012/03/21 08:30:54 | 000,001,439 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/21 01:13:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/21 01:13:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/16 20:55:31 | 000,005,324 | ---- | M] () -- C:\Users\DELL\Documents\bills and statements - Shortcut.lnk
[2012/03/15 11:24:38 | 000,446,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 15:40:35 | 000,004,096 | -H-- | M] () -- C:\Users\DELL\AppData\Local\keyfile3.drm

========== Files Created - No Company Name ==========

[2012/04/05 09:32:50 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/05 09:26:14 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/05 09:12:53 | 000,002,095 | ---- | C] () -- C:\Users\DELL\Desktop\HijackThis.lnk
[2012/04/05 00:57:15 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/02 07:48:23 | 000,003,188 | ---- | C] () -- C:\Users\DELL\Desktop\OF_US_IB Keycard - Shortcut.lnk
[2012/04/01 17:07:12 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/04/01 09:58:52 | 000,107,547 | ---- | C] () -- C:\Users\DELL\Desktop\2012 Dissertation Announce-Social Sciences-2.pdf
[2012/03/24 19:10:04 | 000,003,046 | ---- | C] () -- C:\Users\DELL\Desktop\Gaya_BP - Shortcut.lnk
[2012/03/22 11:24:10 | 000,356,352 | ---- | C] () -- C:\Users\DELL\Documents\Database2.accdb
[2012/03/22 11:13:16 | 002,359,296 | ---- | C] () -- C:\Users\DELL\Documents\Assets.accdb
[2012/03/22 11:10:14 | 000,352,256 | ---- | C] () -- C:\Users\DELL\Documents\Database1.accdb
[2012/03/21 01:13:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/21 01:13:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/15 22:32:54 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2834827658-3742435415-618867808-1001UA.job
[2012/03/15 22:32:52 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2834827658-3742435415-618867808-1001Core.job
[2011/11/25 19:38:43 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2011/11/25 19:38:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2011/10/27 12:10:09 | 000,004,096 | -H-- | C] () -- C:\Users\DELL\AppData\Local\keyfile3.drm
[2011/10/20 09:44:21 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/10/20 08:51:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/20 00:27:29 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/10/20 00:27:29 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/10/20 00:26:35 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/10/20 00:26:34 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2011/10/20 00:26:26 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/20 00:26:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2011/10/20 00:25:05 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini

========== LOP Check ==========

[2012/04/05 09:32:51 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/01 18:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/04/01 20:42:26 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/12 08:46:24 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/05 09:31:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 05 April 2012 - 03:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there do the redirects occur in IE, Firefox or both ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Essexboy
Posted 09 April 2012 - 04:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP