[mazzochi]

Hi,

I've been having some problems with google redirecting. I followed the tips at the start of this forum and I think that problem is solved but as that was intermitant it'll take some time to be sure.

Soon after I did all that my laptop crashed. I restarted in safe mode and ran spybot, malwarebytes and my antivirus. All came back clean, but I also did an OTL scan and there's some stuff that concerns me, the huge block of oriental characters for one.

I'm starting to think that it was some kind of virus that crashed my machine.

Here's the OTL log:

{doesnt want to post so I've attached it}

Attached Files

•  OTL.Txt   503.2KB   118 downloads

[Advertisements]

hi

Step 1

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2010/10/12 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{B9AE4556-0BEF-4E59-B389-D1E6CEB2D817}
  [2010/10/17 22:26:47 | 000,070,144 | RHS- | M] () -- C:\Users\Dave\AppData\Roaming\dcpctfmonc.dll
  [2010/08/12 21:17:08 | 000,000,000 | -HSD | M] -- C:\Users\Dave\AppData\Roaming\.#
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[ali.B]

hi

Step 1

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2010/10/12 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{B9AE4556-0BEF-4E59-B389-D1E6CEB2D817}
  [2010/10/17 22:26:47 | 000,070,144 | RHS- | M] () -- C:\Users\Dave\AppData\Roaming\dcpctfmonc.dll
  [2010/08/12 21:17:08 | 000,000,000 | -HSD | M] -- C:\Users\Dave\AppData\Roaming\.#
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[mazzochi]

Hi, thanks for your help with this. I've now done all that and this is my OTL log

OTL logfile created on: 30/10/2010 18:20:14 - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Dave\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 56.60 Gb Free Space | 50.74% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.44 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive E: | 7.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DAVE-LAPTOP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/30 18:18:07 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Dave\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/10/29 21:55:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2010/10/29 21:10:47 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 21:10:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/07/27 01:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/07/26 23:41:12 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/07/21 19:23:43 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/23 03:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/05/25 22:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/04/16 10:12:40 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/05/26 20:06:05 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/10 23:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/07/17 00:31:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/13 22:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 19:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 02:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/04/18 23:18:02 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/04/11 00:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/04/11 00:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/04/07 06:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/07 06:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 11:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 21:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/02/23 16:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 21:55:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/20 04:49:58 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/07/27 01:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/07/26 23:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/07/21 19:23:43 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/23 03:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/05/25 22:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/04/16 10:12:40 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/15 02:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/04/07 06:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 11:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/21 21:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 21:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 02:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/13 23:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2008/08/12 22:33:38 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/07/11 19:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/14 02:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/15 02:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/05/15 02:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/05/15 02:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/04/28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/25 19:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/18 23:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/03/21 18:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/21 10:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/31 02:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/31 02:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/21 03:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 03:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 02:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006/11/03 06:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...8&m=aspire_5735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...8&m=aspire_5735

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?o=15438&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.portal.cl...g.uk/dogstrust"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_UK&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/22 22:15:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 21:10:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 21:10:55 | 000,000,000 | ---D | M]

[2009/06/24 15:21:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2010/10/29 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\z8vf38qj.default\extensions
[2010/06/28 19:06:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\z8vf38qj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 21:35:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\z8vf38qj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/10 00:12:40 | 000,002,427 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\z8vf38qj.default\searchplugins\askcom.xml
[2010/04/11 21:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/24 22:38:32 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/24 22:38:32 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/24 22:38:32 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/24 22:38:33 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/30 18:16:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918173819.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Orange Toolbar) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Orange Toolbar) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 18:16:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/29 21:13:36 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\GooredFix Backups
[2010/10/29 21:12:31 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Dave\Desktop\GooredFix.exe
[2010/10/29 21:05:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/29 21:03:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/26 11:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\TDSSKiller.exe
[2010/10/25 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Apple Computer
[2010/10/25 23:22:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Apple Computer
[2010/10/18 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\QuickScan
[2010/10/18 20:13:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/18 19:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/18 18:53:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/17 22:55:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2010/10/17 22:55:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/17 22:55:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/17 22:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/17 22:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/17 22:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/12 23:46:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\Option
[2010/10/12 23:02:42 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2008/12/25 02:24:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/10/30 18:17:48 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2010/10/30 18:17:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/10/30 18:17:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 18:17:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/30 18:17:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/30 18:17:31 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 18:16:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/10/30 10:20:03 | 000,609,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/30 10:20:03 | 000,112,298 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/30 10:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4218970691-3535796236-3605850922-1000UA.job
[2010/10/30 09:03:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4218970691-3535796236-3605850922-1000Core.job
[2010/10/29 21:18:17 | 290,015,549 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/29 21:15:17 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\TDSSKiller.exe
[2010/10/29 21:12:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Dave\Desktop\GooredFix.exe
[2010/10/29 21:06:02 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101029-213059.backup
[2010/10/21 23:04:31 | 000,002,041 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk
[2010/10/21 23:04:31 | 000,002,003 | ---- | M] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 21:30:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2010/10/18 19:52:29 | 000,001,878 | ---- | M] () -- C:\Users\Dave\Desktop\HijackThis.lnk
[2010/10/17 22:55:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 01:01:56 | 000,382,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 23:01:08 | 000,178,697 | ---- | M] () -- C:\Users\Dave\Documents\Run.xlsx
[2010/10/11 22:33:29 | 000,105,424 | ---- | M] () -- C:\Users\Dave\Documents\run.gpx.xml

========== Files Created - No Company Name ==========

[2010/10/29 21:49:30 | 3146,633,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/18 21:30:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/10/18 20:13:39 | 290,015,549 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/18 19:52:29 | 000,001,878 | ---- | C] () -- C:\Users\Dave\Desktop\HijackThis.lnk
[2010/10/17 22:55:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/17 08:59:44 | 000,002,041 | ---- | C] () -- C:\Users\Dave\Desktop\Google Chrome.lnk
[2010/10/17 08:59:44 | 000,002,003 | ---- | C] () -- C:\Users\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/17 08:58:06 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4218970691-3535796236-3605850922-1000UA.job
[2010/10/17 08:58:05 | 000,000,850 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4218970691-3535796236-3605850922-1000Core.job
[2010/10/11 22:51:08 | 000,178,697 | ---- | C] () -- C:\Users\Dave\Documents\Run.xlsx
[2010/10/11 22:33:29 | 000,105,424 | ---- | C] () -- C:\Users\Dave\Documents\run.gpx.xml
[2009/09/17 07:26:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/23 20:30:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
[2009/06/23 20:27:33 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/06/23 20:27:33 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/06/23 20:27:32 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/06/23 20:27:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2008/12/25 02:09:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/12/25 01:42:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/12/25 01:39:10 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/05/15 06:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/15 06:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/15 06:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/14 13:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/14 13:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/14 13:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/14 13:48:13 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/05/15 06:46:38 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Acer GameZone Console
[2009/12/19 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Amazon
[2009/06/23 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Big Fish Games
[2009/06/23 20:28:29 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DataCast
[2009/06/23 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\eSobi
[2010/06/21 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Facebook
[2010/07/12 20:30:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FloodLightGames
[2010/07/02 20:21:01 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\InfraRecorder
[2010/10/18 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\QuickScan
[2010/10/30 18:16:53 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >

[ali.B]

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

Please download JavaRa to your desktop and unzip it to it's own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, adware, dialers, and other riskware
  • Archives
  • E-mail databases
• Click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View report... at the bottom.
• Click the Save report... button.
  
  
  
  
• Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Things i would like to see in your reply:

• Malwarebytes Results.
• Kaspersky WebScanner Report
• Update on how your computer is running

[mazzochi]

Logs are below and all look clean. Things seem to be running better now. I've not had any redirects in a while so hopefully that is sorted.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4999

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

30/10/2010 19:45:14
mbam-log-2010-10-30 (19-45-14).txt

Scan type: Quick scan
Objects scanned: 140929
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===========================================
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 30, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 30, 2010 07:36:52
Records in database: 4193834
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 128849
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:08:54

No threats found. Scanned area is clean.

Selected area has been scanned.

[ali.B]

hi

Congratulations your logs appear clean

Reset and Re-enable your System Restore

• Open OTL
• Under the Custom Scans/Fixes box at the bottom, paste the following:
  

  :Commands
  [clearallrestorepoints]
  [createrestorepoint]

• Click the Run Fix button at the top
• It might ask you to reboot, if so click YES

NEXT

• Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
• Click on the CleanUp button.
• Click Yes to begin the cleanup process and remove tools, including this application
• You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

• Keep Your windows up to date by regularly checking their website at:
  http://windowsupdate.microsoft.com/
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Click Here to learn how to keep a backup of your important files
  
  
• FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

Thank you

[mazzochi]

Thats great news. Thanks for all your help.

[ali.B]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.