Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus assistance please.

Started by demonflame5 , Sep 03 2011 01:27 PM

  • This topic is locked This topic is locked

#1
demonflame5
Posted 03 September 2011 - 01:27 PM

demonflame5

    Member

  • Member
  • PipPip
  • 13 posts
I've had this virus numerous times in the past and TDSSKiller was able to always remove it. This time, nothing works. I've tried using the guide's instructions, malware bytes, AVG scan, spybot: search and destroy, hitman pro 3.5. Nothing.

A little information about the virus. I don't know if I obtained it from peer-to-peer programs or my sister's computer. My sister's computer was also recently infected with some nasty viruses, google redirect virus, and an artificial windows security that wanted me to buy its program. I didn't feel like attempting to fix it as a reformat would be an easier option. I transferred files from her computer onto my main computer and after a few days my computer started to exhibit signs of the google redirect virus. I personally think I got the virus from peer-to-peer programs because I transferred the backed up files back to my sister's laptop and she hasn't received the virus on her laptop. I've also completely erased those files off my current computer and the virus is still here.

Thanks for the help.

OTL Log:

OTL logfile created on: 9/3/2011 12:09:36 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\*****\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.78% Memory free
8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 53.10 Gb Free Space | 22.80% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011/09/01 16:24:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/07/13 18:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 16:24:51 | 001,001,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/02 16:15:22 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/08 17:55:32 | 000,205,352 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2010/04/08 17:55:30 | 000,148,008 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2010/04/08 17:55:22 | 000,149,544 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/02 19:10:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/16 21:41:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/10/31 17:24:38 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/12 18:40:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/12/24 16:41:53 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/24 16:37:19 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/11/15 01:10:06 | 000,034,120 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/07 12:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/01/21 19:55:48 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/05/31 15:59:04 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/05/31 15:58:53 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/05/31 14:28:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 4C 0E CC DE 44 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.lib****...7777/proxy.pac"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53758
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/23 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/23 21:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 20:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/01 16:24:53 | 000,000,000 | ---D | M]

[2009/10/27 15:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011/09/02 19:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions
[2010/03/26 22:29:27 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/05/18 18:51:27 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/08/27 11:14:08 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2011/03/24 00:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash
[2011/08/27 11:14:07 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/13 18:57:47 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\superfish@superfish.com
[2009/12/07 19:40:51 | 000,002,055 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\daemon-search.xml
[2011/08/29 00:22:09 | 000,001,620 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\swagbuckscom.xml
[2011/05/13 18:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/12 11:21:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/03/23 21:08:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2008/06/11 23:13:32 | 000,075,184 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/09/03 11:56:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E025697-A9FA-4959-9055-8B2C98DADFCF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 12:05:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\GooredFix Backups
[2011/09/03 12:02:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 11:56:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/03 11:55:46 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:49:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Registry Backup
[2011/09/03 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\erunt
[2011/09/02 20:53:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/02 20:53:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/02 20:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/02 19:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/29 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\tdsskiller
[2011/08/26 23:06:53 | 001,119,072 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys
[2011/08/26 23:06:53 | 000,326,432 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/08/18 00:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/08/18 00:04:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2011/08/05 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\winPadTrust

========== Files - Modified Within 30 Days ==========

[2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:43 | 001,390,139 | ---- | M] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/03 12:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 12:00:37 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\lowfim.job
[2011/09/03 12:00:37 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\uzlpoxzhwd.job
[2011/09/03 12:00:37 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\QSIGF.job
[2011/09/03 12:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 12:00:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 11:56:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000UA.job
[2011/09/03 11:56:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/03 11:55:41 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:27:47 | 130,954,251 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/02 19:42:15 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:03:38 | 000,239,630 | ---- | M] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 10:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000Core.job
[2011/08/29 00:25:34 | 000,062,976 | RHS- | M] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/28 11:52:52 | 000,854,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/28 11:52:52 | 000,715,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/28 11:52:52 | 000,139,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/19 18:52:18 | 000,103,741 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/17 22:33:30 | 000,018,432 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 00:55:17 | 000,572,223 | ---- | M] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | M] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf

========== Files Created - No Company Name ==========

[2011/09/03 12:03:40 | 001,390,139 | ---- | C] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/02 19:42:15 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:04:43 | 000,239,630 | ---- | C] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 00:25:34 | 000,062,976 | RHS- | C] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/29 00:25:34 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\lowfim.job
[2011/08/29 00:25:34 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\uzlpoxzhwd.job
[2011/08/29 00:25:34 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\QSIGF.job
[2011/08/26 23:06:53 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\drivers\anodlwfx.sys
[2011/08/26 23:06:53 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/08/19 18:52:13 | 000,103,741 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/11 00:55:16 | 000,572,223 | ---- | C] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | C] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf
[2011/07/26 21:00:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/26 21:00:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage3.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2011/07/10 21:24:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2011/07/10 21:24:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2011/05/31 13:50:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/28 17:15:09 | 000,000,053 | ---- | C] () -- C:\Users\*****\AppData\Roaming\RSBot_Accounts.ini
[2010/12/26 00:55:55 | 000,005,328 | ---- | C] () -- C:\Users\*****\AppData\Roaming\C0D6.490
[2010/10/30 17:30:09 | 000,054,107 | ---- | C] () -- C:\Program Files (x86)\EULA.eng
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/06/11 18:47:10 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/28 11:34:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/07 13:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/23 18:08:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/23 18:07:58 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/23 18:07:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/10 02:59:56 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/03 15:00:28 | 000,018,432 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 23:41:00 | 000,000,016 | ---- | C] () -- C:\Windows\entpack.ini
[2009/11/25 20:22:27 | 001,208,320 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2009/11/25 20:22:27 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2009/11/25 20:22:27 | 000,328,978 | ---- | C] () -- C:\Windows\SysWow64\dvda.exe
[2009/11/25 20:22:27 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2009/11/25 16:12:24 | 000,000,133 | ---- | C] () -- C:\Users\*****\AppData\Roaming\burnaware.ini
[2009/11/25 16:08:54 | 000,000,437 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ImageTuner.ini
[2009/11/12 22:54:51 | 000,788,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/12 20:51:04 | 000,847,360 | ---- | C] () -- C:\Windows\JS32.dll
[2009/11/06 16:34:56 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2009/11/01 17:43:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/27 23:01:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:24:58 | 000,034,699 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/06/20 23:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\RMDevice.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/09/03 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2009/11/26 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\acccore
[2011/06/02 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Any Video Converter
[2011/07/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Atari
[2011/02/05 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AVG10
[2010/02/27 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bioshock2
[2009/11/02 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bluefive software
[2011/07/26 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Crayon Physics Deluxe
[2009/12/07 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 17:55:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2009/11/25 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010/02/28 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iSilo
[2011/07/17 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2010/01/23 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2010/10/30 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PacificPoker
[2011/08/18 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2009/10/29 16:24:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer
[2011/03/22 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Rovio
[2009/12/04 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\runic games
[2010/05/30 14:13:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SecondLife
[2011/07/10 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softinterface, Inc
[2011/08/18 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2011/02/05 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2011/09/03 01:24:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2009/12/04 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wippien
[2011/09/03 12:00:37 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\lowfim.job
[2011/09/03 12:00:37 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\QSIGF.job
[2011/06/03 19:56:52 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/03 12:00:37 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\uzlpoxzhwd.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\*****\Desktop\scanned documents.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 03 September 2011 - 02:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there on completion of this can you let me know if the redirects are still apparent

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/29 00:25:34 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\lowfim.job
    [2011/08/29 00:25:34 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\uzlpoxzhwd.job
    [2011/08/29 00:25:34 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\QSIGF.job
    @Alternate Data Stream - 164 bytes -> C:\Users\*****\Desktop\scanned documents.jpeg:3or4kl4x13tuuug3Byamue2s4b

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
demonflame5
Posted 03 September 2011 - 03:23 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL logfile created on: 9/3/2011 1:59:25 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\*****\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 67.96% Memory free
8.00 Gb Paging File | 6.63 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 51.17 Gb Free Space | 21.97% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011/09/01 16:24:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 16:24:51 | 001,001,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/08 17:55:32 | 000,205,352 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2010/04/08 17:55:30 | 000,148,008 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2010/04/08 17:55:22 | 000,149,544 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/02 19:10:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/16 21:41:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/10/31 17:24:38 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/12 18:40:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/12/24 16:41:53 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/24 16:37:19 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/11/15 01:10:06 | 000,034,120 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/07 12:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/01/21 19:55:48 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/05/31 15:59:04 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/05/31 15:58:53 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/05/31 14:28:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 9A 9D FF 6F 6A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.12
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.lib****...7777/proxy.pac"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53758
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/23 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/23 21:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 20:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/01 16:24:53 | 000,000,000 | ---D | M]

[2009/10/27 15:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011/09/03 12:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions
[2010/03/26 22:29:27 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/05/18 18:51:27 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/08/27 11:14:08 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2011/03/24 00:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash
[2011/08/27 11:14:07 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/13 18:57:47 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/09/03 13:53:10 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\superfish@superfish.com
[2009/12/07 19:40:51 | 000,002,055 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\daemon-search.xml
[2011/08/29 00:22:09 | 000,001,620 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\swagbuckscom.xml
[2011/05/13 18:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/12 11:21:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/03/23 21:08:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2008/06/11 23:13:32 | 000,075,184 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/09/03 13:54:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E025697-A9FA-4959-9055-8B2C98DADFCF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 13:54:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/03 12:51:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\My Games
[2011/09/03 12:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/09/03 12:05:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\GooredFix Backups
[2011/09/03 12:02:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 11:56:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/03 11:55:46 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:49:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Registry Backup
[2011/09/03 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\erunt
[2011/09/02 20:53:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/02 20:53:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/02 20:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/02 19:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/29 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\tdsskiller
[2011/08/26 23:06:53 | 001,119,072 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys
[2011/08/26 23:06:53 | 000,326,432 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/08/18 00:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/08/18 00:04:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2011/08/05 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\winPadTrust

========== Files - Modified Within 30 Days ==========

[2011/09/03 14:01:45 | 000,854,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/03 14:01:45 | 000,715,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/03 14:01:45 | 000,139,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 13:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 13:57:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 13:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000UA.job
[2011/09/03 13:54:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/03 13:42:26 | 006,128,842 | ---- | M] () -- C:\Users\*****\Desktop\ggpo-build-030.zip
[2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:43 | 001,390,139 | ---- | M] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/03 12:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 11:55:41 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:27:47 | 130,954,251 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/02 19:42:15 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:03:38 | 000,239,630 | ---- | M] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 10:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000Core.job
[2011/08/29 00:25:34 | 000,062,976 | RHS- | M] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/19 18:52:18 | 000,103,741 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/17 22:33:30 | 000,018,432 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 00:55:17 | 000,572,223 | ---- | M] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | M] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf

========== Files Created - No Company Name ==========

[2011/09/03 13:42:13 | 006,128,842 | ---- | C] () -- C:\Users\*****\Desktop\ggpo-build-030.zip
[2011/09/03 12:03:40 | 001,390,139 | ---- | C] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/02 19:42:15 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:04:43 | 000,239,630 | ---- | C] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 00:25:34 | 000,062,976 | RHS- | C] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/26 23:06:53 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\drivers\anodlwfx.sys
[2011/08/26 23:06:53 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/08/19 18:52:13 | 000,103,741 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/11 00:55:16 | 000,572,223 | ---- | C] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | C] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf
[2011/07/26 21:00:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/26 21:00:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage3.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2011/07/10 21:24:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2011/07/10 21:24:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2011/05/31 13:50:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/28 17:15:09 | 000,000,053 | ---- | C] () -- C:\Users\*****\AppData\Roaming\RSBot_Accounts.ini
[2010/12/26 00:55:55 | 000,005,328 | ---- | C] () -- C:\Users\*****\AppData\Roaming\C0D6.490
[2010/10/30 17:30:09 | 000,054,107 | ---- | C] () -- C:\Program Files (x86)\EULA.eng
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/06/11 18:47:10 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/28 11:34:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/07 13:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/23 18:08:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/23 18:07:58 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/23 18:07:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/10 02:59:56 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/03 15:00:28 | 000,018,432 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 23:41:00 | 000,000,016 | ---- | C] () -- C:\Windows\entpack.ini
[2009/11/25 20:22:27 | 001,208,320 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2009/11/25 20:22:27 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2009/11/25 20:22:27 | 000,328,978 | ---- | C] () -- C:\Windows\SysWow64\dvda.exe
[2009/11/25 20:22:27 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2009/11/25 16:12:24 | 000,000,133 | ---- | C] () -- C:\Users\*****\AppData\Roaming\burnaware.ini
[2009/11/25 16:08:54 | 000,000,437 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ImageTuner.ini
[2009/11/12 22:54:51 | 000,788,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/12 20:51:04 | 000,847,360 | ---- | C] () -- C:\Windows\JS32.dll
[2009/11/06 16:34:56 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2009/11/01 17:43:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/27 23:01:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:24:58 | 000,034,699 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/06/20 23:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\RMDevice.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/09/03 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2009/11/26 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\acccore
[2011/06/02 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Any Video Converter
[2011/07/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Atari
[2011/02/05 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AVG10
[2010/02/27 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bioshock2
[2009/11/02 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bluefive software
[2011/07/26 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Crayon Physics Deluxe
[2009/12/07 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 17:55:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2009/11/25 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010/02/28 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iSilo
[2011/07/17 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2010/01/23 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2010/10/30 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PacificPoker
[2011/08/18 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2009/10/29 16:24:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer
[2011/03/22 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Rovio
[2009/12/04 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\runic games
[2010/05/30 14:13:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SecondLife
[2011/07/10 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softinterface, Inc
[2011/08/18 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2011/02/05 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2011/09/03 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2009/12/04 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wippien
[2011/06/03 19:56:52 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >













aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-03 14:22:18
-----------------------------
14:22:18.645 OS Version: Windows x64 6.1.7600
14:22:18.646 Number of processors: 4 586 0xF0B
14:22:18.647 ComputerName: *****-PC UserName: *****
14:22:19.460 Initialize success
14:22:29.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
14:22:29.453 Disk 0 Vendor: ST3250410AS 3.AAC Size: 238474MB BusType: 3
14:22:31.470 Disk 0 MBR read successfully
14:22:31.473 Disk 0 MBR scan
14:22:31.476 Disk 0 Windows 7 default MBR code
14:22:31.480 Service scanning
14:22:32.943 Modules scanning
14:22:32.947 Disk 0 trace - called modules:
14:22:32.960 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:22:32.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800450c060]
14:22:32.968 3 CLASSPNP.SYS[fffff8800188843f] -> nt!IofCallDriver -> [0xfffffa800417c580]
14:22:32.972 5 ACPI.sys[fffff88000f8f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800417e060]
14:22:32.977 Scan finished successfully
14:22:44.116 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
14:22:44.124 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 03 September 2011 - 03:56 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I notice that you have a university proxy is the port number correct

Do you still get the redirects ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 53758
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
demonflame5
Posted 03 September 2011 - 04:46 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The university proxy should be correct. I remember using a guide to set it up a long time ago, about a year ago.

I am still getting the redirects :)




OTL logfile created on: 9/3/2011 3:36:23 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\*****\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.63 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 51.17 Gb Free Space | 21.97% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011/09/01 16:24:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 16:24:51 | 001,001,432 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/08 17:55:32 | 000,205,352 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2010/04/08 17:55:30 | 000,148,008 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2010/04/08 17:55:22 | 000,149,544 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/02 19:10:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/16 21:41:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 18:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 18:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/18 23:42:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/10/31 17:24:38 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010/08/11 21:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/12 18:40:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/12/24 16:41:53 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/24 16:37:19 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/11/15 01:10:06 | 000,034,120 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/07 12:22:08 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/01/21 19:55:48 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/05/31 15:59:04 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/05/31 15:58:53 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/05/31 14:28:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 9A 9D FF 6F 6A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gamefaqs.com/"
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: superfish@superfish.com:1.2.0.12
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.lib****...7777/proxy.pac"
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/23 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/23 21:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/07/12 11:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 20:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/01 16:24:53 | 000,000,000 | ---D | M]

[2009/10/27 15:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2011/09/03 12:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions
[2010/03/26 22:29:27 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/05/18 18:51:27 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/08/27 11:14:08 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2011/03/24 00:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash
[2011/08/27 11:14:07 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/08/18 10:45:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/13 18:57:47 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2011/09/03 13:53:10 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\superfish@superfish.com
[2009/12/07 19:40:51 | 000,002,055 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\daemon-search.xml
[2011/08/29 00:22:09 | 000,001,620 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1a5x6mkq.default\searchplugins\swagbuckscom.xml
[2011/05/13 18:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/12 11:21:32 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/03/23 21:08:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2008/06/11 23:13:32 | 000,075,184 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/09/03 15:30:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E025697-A9FA-4959-9055-8B2C98DADFCF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\E\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell\setup\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/03 14:21:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011/09/03 13:54:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/03 12:51:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\My Games
[2011/09/03 12:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/09/03 12:05:43 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\GooredFix Backups
[2011/09/03 12:02:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 11:56:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/03 11:55:46 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:49:09 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Registry Backup
[2011/09/03 11:48:19 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\erunt
[2011/09/02 20:53:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/02 20:53:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/02 20:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/02 19:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/29 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\tdsskiller
[2011/08/26 23:06:53 | 001,119,072 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys
[2011/08/26 23:06:53 | 000,326,432 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011/08/18 00:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/08/18 00:04:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Sony
[2011/08/18 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Sony
[2011/08/05 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\winPadTrust

========== Files - Modified Within 30 Days ==========

[2011/09/03 15:39:12 | 000,854,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/03 15:39:12 | 000,715,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/03 15:39:12 | 000,139,360 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 15:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 15:34:40 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 15:30:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/03 14:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000UA.job
[2011/09/03 14:22:44 | 000,000,512 | ---- | M] () -- C:\Users\*****\Desktop\MBR.dat
[2011/09/03 14:22:11 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2011/09/03 13:42:26 | 006,128,842 | ---- | M] () -- C:\Users\*****\Desktop\ggpo-build-030.zip
[2011/09/03 12:05:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011/09/03 12:03:43 | 001,390,139 | ---- | M] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/03 12:01:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\*****\Desktop\GooredFix.exe
[2011/09/03 11:55:41 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTM.exe
[2011/09/03 11:27:47 | 130,954,251 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/02 19:42:15 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:03:38 | 000,239,630 | ---- | M] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 10:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-148381442-1788448672-2635988242-1000Core.job
[2011/08/29 00:25:34 | 000,062,976 | RHS- | M] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/19 18:52:18 | 000,103,741 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | M] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/17 22:33:30 | 000,018,432 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 00:55:17 | 000,572,223 | ---- | M] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | M] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf

========== Files Created - No Company Name ==========

[2011/09/03 14:22:44 | 000,000,512 | ---- | C] () -- C:\Users\*****\Desktop\MBR.dat
[2011/09/03 13:42:13 | 006,128,842 | ---- | C] () -- C:\Users\*****\Desktop\ggpo-build-030.zip
[2011/09/03 12:03:40 | 001,390,139 | ---- | C] () -- C:\Users\*****\Desktop\tdsskiller.zip
[2011/09/02 19:42:15 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/29 20:04:43 | 000,239,630 | ---- | C] () -- C:\Users\*****\Desktop\scanned documents.jpeg
[2011/08/29 00:25:34 | 000,062,976 | RHS- | C] () -- C:\Windows\SysWow64\fontsubo.dll
[2011/08/26 23:06:53 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\drivers\anodlwfx.sys
[2011/08/26 23:06:53 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011/08/19 18:52:13 | 000,103,741 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Resume.pdf
[2011/08/19 18:50:52 | 000,009,209 | ---- | C] () -- C:\Users\*****\Desktop\Security Monitor Application Essay.pdf
[2011/08/11 00:55:16 | 000,572,223 | ---- | C] () -- C:\Users\*****\Desktop\fbcdn video.mp4
[2011/08/06 20:49:45 | 000,170,486 | ---- | C] () -- C:\Users\*****\Desktop\Lecture2_Ethical Theories.pdf
[2011/07/26 21:00:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/26 21:00:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage3.dll
[2011/07/10 21:24:23 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2011/07/10 21:24:23 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
[2011/07/10 21:24:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
[2011/05/31 13:50:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/28 17:15:09 | 000,000,053 | ---- | C] () -- C:\Users\*****\AppData\Roaming\RSBot_Accounts.ini
[2010/12/26 00:55:55 | 000,005,328 | ---- | C] () -- C:\Users\*****\AppData\Roaming\C0D6.490
[2010/10/30 17:30:09 | 000,054,107 | ---- | C] () -- C:\Program Files (x86)\EULA.eng
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/06/11 18:47:10 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/28 11:34:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/07 13:28:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/23 18:08:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/23 18:07:58 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/23 18:07:56 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/10 02:59:56 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/03 15:00:28 | 000,018,432 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 23:41:00 | 000,000,016 | ---- | C] () -- C:\Windows\entpack.ini
[2009/11/25 20:22:27 | 001,208,320 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2009/11/25 20:22:27 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2009/11/25 20:22:27 | 000,328,978 | ---- | C] () -- C:\Windows\SysWow64\dvda.exe
[2009/11/25 20:22:27 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2009/11/25 16:12:24 | 000,000,133 | ---- | C] () -- C:\Users\*****\AppData\Roaming\burnaware.ini
[2009/11/25 16:08:54 | 000,000,437 | ---- | C] () -- C:\Users\*****\AppData\Roaming\ImageTuner.ini
[2009/11/12 22:54:51 | 000,788,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/12 20:51:04 | 000,847,360 | ---- | C] () -- C:\Windows\JS32.dll
[2009/11/06 16:34:56 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2009/11/01 17:43:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/27 23:01:34 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:24:58 | 000,034,699 | ---- | C] () -- C:\Windows\SysWow64\hlp.dat
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/06/20 23:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2005/01/20 21:02:28 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\RMDevice.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/09/03 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2009/11/26 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\acccore
[2011/06/02 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Any Video Converter
[2011/07/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Atari
[2011/02/05 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AVG10
[2010/02/27 16:39:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bioshock2
[2009/11/02 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bluefive software
[2011/07/26 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Crayon Physics Deluxe
[2009/12/07 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2011/06/24 17:55:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2009/11/25 23:31:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010/02/28 20:34:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iSilo
[2011/07/17 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2010/01/23 14:45:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2010/10/30 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PacificPoker
[2011/08/18 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2009/10/29 16:24:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer
[2011/03/22 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Rovio
[2009/12/04 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\runic games
[2010/05/30 14:13:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SecondLife
[2011/07/10 21:24:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softinterface, Inc
[2011/08/18 00:04:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2011/02/05 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SystemRequirementsLab
[2011/09/03 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2009/12/04 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wippien
[2011/06/03 19:56:52 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

#6
demonflame5
Posted 03 September 2011 - 10:11 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Should I just reformat my computer?
  • 0

#7
demonflame5
Posted 03 September 2011 - 11:43 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay, I started using Chrome again. And the google redirect virus stopped occurring on Chrome and IE. But it continues on firefox...
  • 0

#8
Essexboy
Posted 04 September 2011 - 03:21 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that narrows it down (I always have problems with FF infections as the add ons are numerous )

Is it only firefox ?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • 0

#9
demonflame5
Posted 04 September 2011 - 12:58 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
After rebooting my computer this morning the redirect virus started occurring again in google chrome.

HOWEVER, after running the GooredFix, I did 10 searches on both firefox and chrome and there were no google redirects.




GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:55 on 04/09/2011 (Ankur)
Firefox version 3.6.21 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:57 14/05/2011]

C:\Users\Ankur\Application Data\Mozilla\Firefox\Profiles\1a5x6mkq.default\extensions\
superfish@superfish.com [17:45 18/08/2011]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [05:29 27/03/2010]
{6dd0bdba-0a02-429e-b595-87a7dfdca7a1} [01:51 19/05/2011]
{75CEEE46-9B64-46f8-94BF-54012DE155F0} [18:14 27/08/2011]
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}-trash [07:35 24/03/2011]
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [18:14 27/08/2011]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [17:45 18/08/2011]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [17:45 18/08/2011]
{f701c26a-479a-4724-b4f1-870db12f063c} [01:57 14/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [04:08 24/03/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [04:08 24/03/2011]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG10\Firefox4\" [20:22 29/03/2011]

---------- Old Logs ----------
GooredFix[19.03.01_03-09-2011].txt

-=E.O.F=-

Edited by demonflame5, 04 September 2011 - 12:59 PM.

  • 0

#10
Essexboy
Posted 04 September 2011 - 01:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now - Any problems remaining ?
  • 0

Advertisements

#11
demonflame5
Posted 04 September 2011 - 06:26 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It's going great. Thanks a lot :).

I'll be sure to donate once I get my job :unsure:.



Is it okay if I can delete this topic? I have a lot of personal information about myself that could lead people to identify who I am.
  • 0

#12
Essexboy
Posted 05 September 2011 - 11:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We do not delete topics. However let me know what you want removed and I will do it for you :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :unsure:
  • 0

#13
demonflame5
Posted 05 September 2011 - 01:33 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have bad news. After shutting off the computer last night and turning it on again this morning, the virus is still here.

I think I'm just going to reformat the computer...
  • 0

#14
Essexboy
Posted 05 September 2011 - 02:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem - If you could let me know via PM what data you would like removed
  • 0

#15
demonflame5
Posted 05 September 2011 - 04:30 PM

demonflame5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Not a problem - If you could let me know via PM what data you would like removed


The logs say my name and school. Think you could get rid of that?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP