google redirect problems [Closed]


#16
robert1234
    Member
  • Topic Starter
  • 57 posts
I got it ... starting procedure...
  • 0


#17
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
:)
  • 0

#18
robert1234
    Member
  • Topic Starter
  • 57 posts
hello,
ComboFix log attached: combofix_log_112809_1549.txt (14.02KB, 115 downloads)

ComboFix 09-11-27.07 - robert 11/28/2009 15:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.186 [GMT -5:00]
Running from: c:\documents and settings\robert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\robert\Desktop\cfscript.txt
AV: Avanquest SystemSuite *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Avanquest NetDefense Firewall *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

FILE ::
"c:\documents and settings\robert\132.tmp"
"c:\documents and settings\robert\1A2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\robert\132.tmp
c:\documents and settings\robert\1A2.tmp

.
--------------- FCopy ---------------

c:\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-28 )))))))))))))))))))))))))))))))
.

2009-11-28 17:31 . 2009-11-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-28 17:17 . 2009-11-28 17:17 -------- d-----w- C:\_OTS
2009-11-28 08:23 . 2009-11-28 20:25 -------- d-----w- c:\windows\system32\wbem\Logs
2009-11-28 01:00 . 2009-11-28 01:00 -------- d-----w- C:\_OTM
2009-11-27 15:38 . 2009-08-11 00:10 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-11-27 15:38 . 2009-05-13 22:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-11-23 04:49 . 2008-10-09 14:48 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-11-23 04:47 . 2009-11-23 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-11-23 03:45 . 2009-11-23 03:45 -------- d-----w- c:\program files\VS Revo Group
2009-11-22 19:42 . 2009-11-22 19:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-22 19:13 . 2009-11-22 19:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-22 15:55 . 2009-11-22 15:55 -------- d-----w- c:\documents and settings\robert\.COMMgr
2009-11-18 01:12 . 2009-11-27 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-17 04:27 . 2009-11-18 01:10 -------- d-----w- c:\documents and settings\Roberto(2)\Local Settings(2)
2009-11-17 04:27 . 2009-11-18 01:10 -------- d-----w- c:\documents and settings\Roberto(2)
2009-11-15 15:53 . 2009-11-15 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
2009-11-15 15:50 . 2009-11-15 15:50 -------- d-----r- C:\_Backup.RC
2009-11-15 15:50 . 2009-11-28 18:01 -------- d-----w- C:\_Backup
2009-11-15 15:47 . 2009-11-27 15:19 -------- d-----w- c:\documents and settings\robert\Application Data\Avanquest
2009-11-15 15:47 . 2009-11-27 14:58 -------- d-----w- c:\program files\Common Files\AntiVirus
2009-11-15 15:45 . 2009-11-15 15:45 -------- d-----w- c:\program files\Avanquest
2009-11-08 14:53 . 2009-11-17 01:49 -------- d-----w- c:\program files\SEO Munchies
2009-10-29 22:23 . 2009-11-01 14:25 -------- d-----w- c:\program files\SpeedyPC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 20:25 . 2004-08-04 02:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 17:18 . 2006-07-19 11:48 -------- d-----w- c:\program files\BAE
2009-11-18 01:13 . 2009-11-18 01:13 -------- d-----w- c:\documents and settings\Roberto\Application Data\GTek
2009-11-18 01:09 . 2007-09-27 23:02 -------- d-----w- c:\program files\Common Files\HP
2009-11-18 01:09 . 2006-07-19 11:37 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-17 03:53 . 2009-08-31 23:41 -------- d-----w- c:\documents and settings\robert\Application Data\Skype
2009-11-17 02:14 . 2009-08-31 23:54 -------- d-----w- c:\documents and settings\robert\Application Data\skypePM
2009-11-16 02:08 . 2007-11-24 01:21 -------- d-----w- c:\program files\Kim Enders' Sales Page Rapid-Fire
2009-11-13 22:51 . 2007-10-08 02:03 88392 ----a-w- c:\documents and settings\Barbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 03:35 . 2007-09-27 15:02 -------- d-----w- c:\program files\Interbank FX Trader 4
2009-10-23 03:22 . 2006-07-21 19:50 88392 ----a-w- c:\documents and settings\robert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-22 07:12 . 2009-08-16 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-22 07:08 . 2006-07-19 11:38 -------- d-----w- c:\program files\Microsoft Works
2009-10-20 07:06 . 2009-10-20 07:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-20 05:13 . 2009-10-19 23:47 -------- d-----w- c:\documents and settings\robert\Application Data\Free Monitor for Google
2009-10-19 23:46 . 2009-10-19 23:46 -------- d-----w- c:\program files\Free Monitor for Google
2009-10-09 23:05 . 2007-09-27 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-25 05:49 . 2004-08-11 21:00 668672 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:48 . 2004-08-11 21:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:03 . 2004-08-11 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-06-28 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-06-28 21:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-11 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 23:54 . 2009-08-31 23:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2007-11-28 02:26 . 2006-07-26 21:49 1290 --sh--w- c:\windows\lcfep5.drv
2007-11-28 02:50 . 2007-11-28 02:49 1234 --sh--w- c:\windows\lcfep6c.drv
2009-05-24 04:33 . 2006-10-10 20:07 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-11-28_18.43.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 02:59 . 2009-11-28 20:25 95360 c:\windows\system32\dllcache\atapi.sys
- 2004-08-04 02:59 . 2009-11-27 03:39 95360 c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"3xAV"="c:\program files\Enounce\MySpeed\MySpeed.exe" [2009-06-19 855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 110592]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\robert\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-5-17 811008]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-19 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [11/27/2009 10:38 AM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [11/22/2009 11:49 PM 202928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/19/2006 6:34 AM 61526]
R2 SBAMSvc;SystemSuite;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [11/27/2009 10:38 AM 69936]
R3 KFilter;KFilter;c:\progra~1\AVANQU~1\SYSTEM~1\KFilter.sys [8/28/2009 6:07 PM 61560]
R3 TFilter;TFilter;c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [8/28/2009 6:07 PM 26952]
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-11-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-08 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?442783&78fff65fb18123bfa8ac4ea7c4cd3289
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Avanquest\SystemSuite\Firefox3DV\components\VaultComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 15:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B48369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8539fc3
\Driver\ACPI -> ACPI.sys @ 0xf83cccb8
\Driver\atapi -> atapi.sys @ 0xf835e7b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\PRISMAPI.DLL
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\PRISMAPI.DLL
.
Completion time: 2009-11-28 15:49
ComboFix-quarantined-files.txt 2009-11-28 20:48
ComboFix2.txt 2009-11-28 18:51

Pre-Run: 45,981,278,208 bytes free
Post-Run: 45,954,666,496 bytes free

- - End Of File - - 3AEF7CA38FE378B9C3343C4132789D56
  • 0

#19
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Still getting redirects?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    CLASSPNP.SYS
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

  • 0

#20
robert1234
    Member
  • Topic Starter
  • 57 posts
hello
Attached file: Extras.Txt (48.69KB, 144 downloads)
Also getting an alert message "pev.cfxe is attempting to access the internet." and the option to allow or not.
I don't know what program this is associated with...

OTL logfile created on: 11/28/2009 4:14:46 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\robert\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 188.84 Mb Available Physical Memory | 37.61% Memory free
1.20 Gb Paging File | 0.77 Gb Available in Paging File | 64.37% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.29 Gb Total Space | 42.82 Gb Free Space | 60.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERTS5150
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/27 07:57:35 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTL.exe
PRC - [2009/08/28 17:54:28 | 00,050,456 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask2.exe
PRC - [2009/08/28 17:54:26 | 00,521,496 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe
PRC - [2009/06/19 12:28:30 | 00,855,520 | ---- | M] (Enounce Incorporated) -- C:\Program Files\Enounce\MySpeed\MySpeed.exe
PRC - [2009/06/10 06:00:48 | 00,980,264 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/28 15:56:41 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/15 02:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/01/15 02:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/04 21:36:06 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/07/19 06:42:00 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/02/09 17:34:54 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2006/01/20 13:48:06 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2005/12/22 20:14:54 | 00,921,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2005/12/22 19:15:46 | 00,381,014 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/10/14 19:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/10/14 19:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/09/08 18:20:46 | 00,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/09/08 04:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 23:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2005/05/11 23:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/03 23:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
PRC - [2005/05/03 21:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2005/03/22 22:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/27 07:57:35 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTL.exe
MOD - [2009/08/28 17:26:26 | 00,028,672 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\WinHook.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 04:00:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 17:54:26 | 00,521,496 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2009/06/10 06:00:48 | 00,980,264 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/05/12 18:23:18 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/28 15:56:41 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/01/15 02:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/01/13 08:55:05 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/01/20 13:48:06 | 00,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2005/05/03 23:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 21:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005/05/03 20:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficsw...8ac4ea7c4cd3289
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.062
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.0.06
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {4d855a8a-1536-4aa8-bf99-da2362910205}:9.0.2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/17 02:03:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4d855a8a-1536-4aa8-bf99-da2362910205}: C:\Program Files\Avanquest\SystemSuite\Firefox3DV [2009/11/27 09:58:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Avanquest\SystemSuite\Firefox [2009/11/27 09:58:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/16 22:17:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 07:38:25 | 00,000,000 | ---D | M]

[2009/01/07 20:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Extensions
[2009/01/07 20:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/11/28 14:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions
[2009/08/17 06:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/16 22:36:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/10/01 20:16:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/09/07 09:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2009/07/01 19:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}(2)
[2009/10/06 20:25:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\extensions\[email protected]
[2009/03/02 22:38:11 | 00,002,887 | ---- | M] () -- C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\uhndt51q.default\searchplugins\domainsbotcom.xml
[2009/11/28 14:10:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/17 20:12:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/03/17 10:41:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/05 00:25:11 | 00,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

O1 HOSTS File: (312232 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10750 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\avgssie.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trellian &Toolbar) - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [3xAV] C:\Program Files\Enounce\MySpeed\MySpeed.exe (Enounce Incorporated)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\robert\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1203651559152 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/04 21:12:22 | 00,000,000 | ---D | M] - C:\Auto Insurance Article Maker -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 16:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58268769037844480)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/28 13:05:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/28 13:05:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/28 13:05:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/28 13:05:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/28 13:01:10 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/28 12:31:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/28 12:17:01 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/11/28 11:08:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\robert\Recent
[2009/11/28 10:24:34 | 00,530,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTS.exe
[2009/11/28 04:07:46 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/11/27 20:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Desktop\GooredFix Backups
[2009/11/27 20:00:11 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/11/27 10:38:54 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/11/27 10:38:52 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/11/27 07:57:34 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTL.exe
[2009/11/22 23:49:04 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/11/22 23:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/22 22:45:44 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/11/22 14:42:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/22 10:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\.COMMgr
[2009/11/22 09:46:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Desktop\insurance pauyment 11-22-09_files
[2009/11/17 20:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/16 22:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\My Documents\My Scans
[2009/11/15 23:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/15 10:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
[2009/11/15 10:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2009/11/15 10:50:58 | 00,000,000 | R--D | C] -- C:\_Backup.RC
[2009/11/15 10:50:53 | 00,000,000 | ---D | C] -- C:\_Backup
[2009/11/15 10:47:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Application Data\Avanquest
[2009/11/15 10:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
[2009/11/15 10:45:21 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest
[2009/11/14 23:50:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\Desktop\tes tpost
[2005/05/11 22:36:48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\Documents and Settings\robert\Desktop\*.tmp files -> C:\Documents and Settings\robert\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/28 15:49:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/28 15:40:15 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/28 12:56:49 | 03,578,697 | R--- | M] () -- C:\Documents and Settings\robert\Desktop\ComboFix.exe
[2009/11/28 12:43:32 | 09,175,040 | ---- | M] () -- C:\Documents and Settings\robert\ntuser.dat
[2009/11/28 12:31:59 | 00,542,948 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/28 12:31:59 | 00,455,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/28 12:31:59 | 00,076,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/28 12:31:31 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/28 12:30:25 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/11/28 12:20:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/28 12:19:11 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\robert\ntuser.ini
[2009/11/28 10:24:44 | 00,530,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTS.exe
[2009/11/27 13:34:49 | 00,417,792 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\geekstogo page1.doc
[2009/11/27 12:18:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\robert\My Documents\settings.dat
[2009/11/27 08:26:39 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\robert\Desktop\~$ekstogo page1.doc
[2009/11/27 08:06:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/27 07:57:35 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\robert\Desktop\OTL.exe
[2009/11/26 21:11:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/22 22:45:45 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\Revo Uninstaller.lnk
[2009/11/22 09:46:14 | 00,006,703 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\insurance pauyment 11-22-09.htm
[2009/11/18 20:35:49 | 00,070,811 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\Kitchen_remodel_granite_countertops2.87151553.jpg
[2009/11/17 21:16:38 | 57,761,530 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\2009-10-13 17.34 ServerX Next Generation.wmv
[2009/11/17 20:15:17 | 00,321,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/17 03:20:54 | 02,808,166 | ---- | M] () -- C:\Documents and Settings\robert\My Documents\bob purple shirt.bmp
[2009/11/16 20:54:21 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\robert\NTUSER.bak
[2009/11/16 09:36:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/15 21:38:17 | 00,350,601 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\Munch-My-Articles-Manual.pdf
[2009/11/14 21:23:51 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\robert\Desktop\WPMage and Mage Blueprint Is The Real Deal for Greg Jacobs.doc
[1 C:\Documents and Settings\robert\Desktop\*.tmp files -> C:\Documents and Settings\robert\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/28 13:05:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/28 13:05:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/28 13:05:35 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/28 13:05:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/28 12:54:53 | 03,578,697 | R--- | C] () -- C:\Documents and Settings\robert\Desktop\ComboFix.exe
[2009/11/27 12:18:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\robert\My Documents\settings.dat
[2009/11/27 08:26:39 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\robert\Desktop\~$ekstogo page1.doc
[2009/11/27 08:01:44 | 00,417,792 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\geekstogo page1.doc
[2009/11/22 22:45:45 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\Revo Uninstaller.lnk
[2009/11/22 09:46:06 | 00,006,703 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\insurance pauyment 11-22-09.htm
[2009/11/18 20:35:41 | 00,070,811 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\Kitchen_remodel_granite_countertops2.87151553.jpg
[2009/11/17 21:10:32 | 57,761,530 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\2009-10-13 17.34 ServerX Next Generation.wmv
[2009/11/17 03:14:48 | 02,808,166 | ---- | C] () -- C:\Documents and Settings\robert\My Documents\bob purple shirt.bmp
[2009/11/15 21:38:16 | 00,350,601 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\Munch-My-Articles-Manual.pdf
[2009/11/14 21:23:50 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\robert\Desktop\WPMage and Mage Blueprint Is The Real Deal for Greg Jacobs.doc
[2009/08/14 18:08:07 | 00,000,023 | ---- | C] () -- C:\WINDOWS\ovas.ini
[2009/08/04 20:08:52 | 00,000,053 | ---- | C] () -- C:\WINDOWS\ArticleAssistant.ini
[2009/08/04 19:47:28 | 00,000,609 | ---- | C] () -- C:\WINDOWS\aasinst.ini
[2009/03/05 19:59:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/14 12:29:19 | 00,000,348 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/02/22 12:43:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/09 16:49:00 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/27 21:49:02 | 00,001,234 | -HS- | C] () -- C:\WINDOWS\lcfep6c.drv
[2007/09/27 17:54:36 | 00,011,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/10 15:07:12 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/26 16:49:16 | 00,001,290 | -HS- | C] () -- C:\WINDOWS\lcfep5.drv
[2006/07/26 16:30:20 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\robert\Application Data\dvd.bmk
[2006/07/26 16:28:49 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\robert\Local Settings\Application Data\fusioncache.dat
[2006/07/19 06:56:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/19 06:47:53 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/19 06:39:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/19 06:16:12 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/07/19 06:16:10 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/01 11:01:02 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 16:24:19 | 00,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:00:30 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/15 11:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/02/22 12:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2009/11/22 23:47:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/25 10:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/11/27 21:49:02 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Floor Covering Soft
[2007/09/26 17:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2006/07/19 06:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/09/16 19:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2006/07/19 06:42:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/22 21:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/02/06 21:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Auto Dialer Pro
[2009/11/27 10:19:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Avanquest
[2006/10/10 15:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Corel Photo Album
[2008/08/20 18:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\FEP
[2009/08/02 20:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\FileZilla
[2009/10/20 00:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Free Monitor for Google
[2009/08/16 15:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\GetRightToGo
[2007/09/26 18:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Individual Software
[2009/09/07 15:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\KompoZer
[2006/07/21 15:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Leadertech
[2009/09/08 23:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\LimeWire
[2009/07/29 21:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\robert\Application Data\Nvu
[2009/11/28 12:30:25 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2009/11/28 15:25:53 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/11/28 15:25:53 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/11/28 15:25:53 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CLASSPNP.SYS >
[2004/08/04 04:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\i386\classpnp.sys
[2004/08/04 04:00:00 | 00,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\drivers\classpnp.sys
[2008/04/13 14:16:22 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\classpnp.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
< End of report >

Attached Files

  • Attached File  OTL.Txt   86.42KB   95 downloads

  • 0

#21
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
make that PEV.cfxxe
  • 0

#22
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
still redirecting...
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The file is Combofix trying to update itself

Do you recognise this file/folder C:\Documents and Settings\robert\.COMMgr

So far I have found no indicators of known redirect agents. So we may be playing with something new; this will mean another scan or two whilst I try to locate it.

First I will look for the wdmaud file as none of my scans show it

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    wdmaud.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#24
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
file path C:\WINDOWS\system32\wdmaud
or wdmauddrv1 (I think I renamed this one)
running system look...
  • 0

#25
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
C:\Documents and Settings\robert\.COMMgr
not familiar with this file...
  • 0

#26
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
Attached File  SystemLook_112809_1731.txt   2.79KB   100 downloads
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:27 on 28/11/2009 by robert (Administrator - Elevation successful)

========== filefind ==========

Searching for "wdmaud.*"
C:\i386\wdmaud.drv --a--- 23552 bytes [15:52 03/08/2006] [09:00 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E
C:\i386\wdmaud.sys --a--- 82944 bytes [15:44 03/08/2006] [03:15 04/08/2004] 2797F33EBF50466020C430EE4F037933
C:\WINDOWS\Driver Cache\i386\wdmaud.sys ------ 82944 bytes [09:00 14/06/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wdmaud.drv --a--- 23552 bytes [00:12 14/04/2008] [00:12 14/04/2008] 680B56A8B62D1BCF4A0B2AAAD03D88E4
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wdmaud.sys --a--- 83072 bytes [19:17 13/04/2008] [19:17 13/04/2008] 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\system32\dllcache\wdmaud.drv --a--- 23552 bytes [04:56 04/08/2004] [05:56 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E
C:\WINDOWS\system32\dllcache\wdmaud.sys --a--- 82944 bytes [11:35 19/07/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\system32\drivers\wdmaud.sys --a--- 82944 bytes [11:35 19/07/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\system32\wdmaud.drv --a--- 23552 bytes [04:56 04/08/2004] [05:56 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E

-=End Of File=-
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
All files are legitimate as shown by the MD5s, so I do not feel that is the culprit.

Let's quarantine that file/folder and see if that changes it. If it does I would like to upload it.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/11/22 10:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\robert\.COMMgr
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

  • 0
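The check above was done by eye: the live wdmaud.drv and wdmaud.sys copies carry the same MD5 as the copies Windows keeps in dllcache, i386 and Driver Cache, so they are consistent with a shipped build. The script below automates that cross-check over SystemLook `:filefind` output. It is an added example written for this page, not code from the thread or from SystemLook or OTL; the wdmaud lines in the sample are the ones posted above, while the EXAMPLE.SYS and ORPHAN.DLL lines and their hashes are constructed placeholders, and the list of reference directories is an assumption about where a default XP install keeps its backup copies.

```python
"""Cross-check live Windows system files against their cached copies.

Parses SystemLook ':filefind' output (the format posted in this thread) and,
for each file name, compares the MD5 of the copy in the live location
(system32 or system32\\drivers) with the MD5s of the backup copies that
Windows keeps (dllcache, i386, Driver Cache, SoftwareDistribution).
A live copy whose hash matches none of its backups deserves a closer look;
one that matches at least one backup is consistent with a shipped build.
"""
import re
from collections import defaultdict

# One SystemLook result line: <path> <attrs> <size> bytes [mtime] [ctime] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumed directories that hold pristine copies of system files on XP
# (matched case-insensitively against the full path).
REFERENCE_DIRS = (
    "\\dllcache\\",
    "\\i386\\",
    "\\driver cache\\",
    "\\softwaredistribution\\",
)

# Sample input: the wdmaud lines are the SystemLook results posted above in
# this thread; EXAMPLE.SYS and ORPHAN.DLL are constructed placeholder names
# with placeholder hashes, added only to exercise the mismatch and
# no-reference paths.
SAMPLE = r"""
SystemLook v1.0 by jpshortstuff (29.08.09)
========== filefind ==========

Searching for "wdmaud.*"
C:\i386\wdmaud.drv --a--- 23552 bytes [15:52 03/08/2006] [09:00 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E
C:\i386\wdmaud.sys --a--- 82944 bytes [15:44 03/08/2006] [03:15 04/08/2004] 2797F33EBF50466020C430EE4F037933
C:\WINDOWS\Driver Cache\i386\wdmaud.sys ------ 82944 bytes [09:00 14/06/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\system32\dllcache\wdmaud.drv --a--- 23552 bytes [04:56 04/08/2004] [05:56 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E
C:\WINDOWS\system32\dllcache\wdmaud.sys --a--- 82944 bytes [11:35 19/07/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\system32\drivers\wdmaud.sys --a--- 82944 bytes [11:35 19/07/2006] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\system32\wdmaud.drv --a--- 23552 bytes [04:56 04/08/2004] [05:56 04/08/2004] D6A8DC8C374EEA24744F2D4E87CA0E7E
C:\WINDOWS\system32\dllcache\EXAMPLE.SYS --a--- 1024 bytes [00:00 01/01/2009] [00:00 01/01/2009] 00000000000000000000000000000001
C:\WINDOWS\system32\drivers\EXAMPLE.SYS --a--- 1024 bytes [00:00 01/01/2009] [00:00 01/01/2009] 00000000000000000000000000000002
C:\WINDOWS\system32\ORPHAN.DLL --a--- 512 bytes [00:00 01/01/2009] [00:00 01/01/2009] 00000000000000000000000000000003
-=End Of File=-
"""


def parse_filefind(text):
    """Return one dict per result line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["is_reference"] = any(d in e["path"].lower() for d in REFERENCE_DIRS)
        entries.append(e)
    return entries


def check_live_copies(entries):
    """Map each live (non-reference) path to 'match', 'mismatch' or 'no-reference'."""
    reference_hashes = defaultdict(set)
    for e in entries:
        if e["is_reference"]:
            reference_hashes[e["name"]].add(e["md5"])
    verdicts = {}
    for e in entries:
        if e["is_reference"]:
            continue
        known = reference_hashes.get(e["name"], set())
        if not known:
            verdicts[e["path"]] = "no-reference"
        elif e["md5"] in known:
            verdicts[e["path"]] = "match"
        else:
            verdicts[e["path"]] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for path, verdict in sorted(check_live_copies(parse_filefind(SAMPLE)).items()):
        print(f"{verdict:13} {path}")
```

A match only shows that the live file agrees with something Windows itself installed; it does not prove authenticity, because an attacker with write access to system32 can usually reach dllcache too. A known-good hash list for the exact service pack, or an Authenticode signature check, is the stronger test, and a "mismatch" or "no-reference" verdict is the cue to run one.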

#28
robert1234

    Member

  • Topic Starter
  • Member
  • 57 posts
That did it...
Thanks so much for your assistance.
How do I upload the quarantined file?
Robert
  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread http://www.geekstogo...ms-t259923.html
  • Browse for this filename: C:\_OTL\Moved Files\C:\Documents and Settings\robert\.COMMgr
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Once it has gone ...

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u17-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
  • 0

#30
robert1234

robert1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
redirect is back on restart...
after step 2 java update
  • 0
