Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engine Redirect [Closed]


  • This topic is locked This topic is locked

#1
Bradwick

Bradwick

    Member

  • Member
  • PipPip
  • 24 posts
I seem to have gotten some sort of redirect that shows up on google search results. Generally it is only on the first search result or the first result that I click on.

I ran Spybot Search and Destroy, as well as Malwarebytes Anti-Malware and I use AVG Anti-Virus Free Edition 2013. I've used those and I've tried the steps located in the "How to fix Google Redirects" thread without success. I've downloaded OTL and run it. Here is the log:

OTL logfile created on: 12/25/2012 9:52:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brad\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 279.87 Mb Available Physical Memory | 27.37% Memory free
2.40 Gb Paging File | 1.36 Gb Available in Paging File | 56.43% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 161.55 Gb Free Space | 69.37% Space Free | Partition Type: NTFS

Computer Name: MLAPTOP | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/25 21:49:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
PRC - [2012/12/13 13:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/06 18:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 18:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 03:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 12:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 12:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/31 23:00:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/05 19:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/12/05 19:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 05:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/16 14:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 15:10:33 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2011/12/31 23:00:28 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/02 09:50:28 | 000,421,888 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.9.dll
MOD - [2011/11/14 11:05:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\[email protected]\platform\echofonsign.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 12:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 12:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/26 07:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/25 23:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/25 23:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/25 23:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/25 23:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/25 23:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/25 23:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 12:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 08:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 08:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 08:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/02/27 05:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/13 13:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/11 15:10:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/06 18:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 19:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/27 06:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 05:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 05:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/25 21:09:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51689F7B-9EE8-4329-9DD8-843C7E9BCA15}\MpKsl705167da.sys -- (MpKsl705167da)
DRV - [2012/10/22 12:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 02:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/05 02:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2009/10/07 00:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 00:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 00:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/04 09:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/06/24 14:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/05/17 10:03:00 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 10:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 10:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 10:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/14 16:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 11:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 18:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 24 07 BD 18 C7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://b-radwick.liv...ad|about:blank"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/31 23:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 13:45:39 | 000,000,000 | ---D | M]

[2009/09/12 14:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Extensions
[2012/05/31 18:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions
[2010/07/02 09:44:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/31 18:45:53 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012/05/31 18:45:47 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\[email protected]
[2011/06/16 20:59:46 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\[email protected]
[2012/04/17 15:14:08 | 000,004,733 | ---- | M] () (No name found) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\[email protected]
[2011/12/28 08:29:27 | 000,025,991 | ---- | M] () (No name found) -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi
[2012/01/01 13:44:03 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\searchplugins\the-one-wiki-to-rule-them-all-en.xml
[2009/10/09 19:49:17 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\searchplugins\youtube-video-search.xml
[2012/11/21 13:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/17 22:14:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/24 17:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/09/20 08:22:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/21 13:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/12/31 23:00:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/20 13:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/20 13:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/31 23:00:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/31 23:00:26 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/24 12:22:34 | 000,444,843 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15281 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.238.64.12 68.238.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0C44A6-EA69-4A32-A24D-35195A529DC1}: DhcpNameServer = 68.238.64.12 68.238.96.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/05 13:46:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/25 21:49:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2012/12/25 21:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Desktop\GooredFix Backups
[2012/12/25 21:03:18 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brad\Desktop\TDSSKiller.exe
[2012/12/25 21:01:39 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Brad\Desktop\GooredFix.exe
[2012/12/25 20:49:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/12/25 20:45:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/12/25 20:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Desktop\Cleaning
[2012/12/25 15:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/25 14:14:56 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Documents and Settings\Brad\Desktop\hjsplit.exe
[2012/12/24 12:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/12/24 08:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Application Data\AVG2013
[2012/12/24 08:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brad\Local Settings\Application Data\Avg2013
[2012/12/13 10:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brad\My Documents\*.tmp files -> C:\Documents and Settings\Brad\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/25 22:03:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-606747145-1417001333-1003UA.job
[2012/12/25 22:01:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/25 21:49:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brad\Desktop\OTL.exe
[2012/12/25 21:27:22 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/25 21:19:33 | 000,202,011 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/12/25 21:19:31 | 000,079,612 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/12/25 21:17:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/25 21:17:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/25 21:10:30 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/25 21:01:50 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Brad\Desktop\GooredFix.exe
[2012/12/25 20:59:33 | 000,428,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/25 20:59:33 | 000,069,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/25 19:45:35 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/25 18:41:14 | 436,724,085 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Doctor Who 7x06 - The Snowmen.mp4
[2012/12/25 18:03:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-606747145-1417001333-1003Core.job
[2012/12/25 15:14:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/25 15:08:43 | 000,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/25 12:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/24 12:22:34 | 000,444,843 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/24 12:02:06 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/12/24 12:02:06 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
[2012/12/24 11:56:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/19 19:32:01 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/13 10:50:51 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/12/10 14:49:33 | 000,000,201 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/12/08 21:20:37 | 000,079,612 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Brad\My Documents\*.tmp files -> C:\Documents and Settings\Brad\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/25 19:59:30 | 436,724,085 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Doctor Who 7x06 - The Snowmen.mp4
[2012/12/25 15:19:59 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/25 15:14:06 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/25 15:10:04 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/24 12:02:06 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/12/24 12:02:06 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Brad\Desktop\Spybot - Search & Destroy.lnk
[2012/12/24 11:56:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/13 10:50:50 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2011/12/31 12:02:14 | 000,012,990 | -HS- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\210ix62kx62y12744267ukpick4g023cen2wf40834k
[2011/12/31 12:02:14 | 000,012,990 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\210ix62kx62y12744267ukpick4g023cen2wf40834k
[2010/12/30 10:57:56 | 000,000,201 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/09/30 21:22:40 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/09/05 17:19:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/13 10:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2009/09/12 13:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/12/25 15:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2011/12/31 13:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/31 21:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/11/08 14:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/12/25 18:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/25 15:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/16 20:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/08/07 14:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 15:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/31 18:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\AVG
[2011/12/31 15:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\AVG2012
[2012/12/24 08:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\AVG2013
[2012/07/02 11:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Azureus
[2011/07/28 08:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\calibre
[2010/07/04 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Clone2Go Video Converter Professional
[2009/09/12 12:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Delicious IE Extension
[2011/06/16 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brad\Application Data\Trillian

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7578EF04

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
Bradwick

Bradwick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you for your help, Gringo, I really appreciate it.

Here is the log from security check:
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
AVG PC Tuneup
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Here is the adw file:
# AdwCleaner v2.103 - Logfile created 12/26/2012 at 16:35:46
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Brad - MLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Brad\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Found : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Documents and Settings\Brad\Application Data\Mozilla\Firefox\Profiles\40x3kxq1.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://b-radwick.livejournal.com/friends/tv%20communities|htt[...]
Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"photo_sizes\":{\"thumb\":{\"w\[...]

File : C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\q525nbnz.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\00tya313.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1431 octets] - [26/12/2012 16:35:46]

########## EOF - C:\AdwCleaner[R1].txt - [1491 octets] ##########




Here is the RogueKiller report:

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Brad [Admin rights]
Mode : Remove -- Date : 12/26/2012 18:11:40

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : nvHotkey.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] 6e595b5808d43eef15fbb4daf9c1821d
[BSP] f1fa5220e48e32064eff248392dec473 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12262012_02d1811.txt >>
RKreport[1]_S_12262012_02d1811.txt ; RKreport[2]_D_12262012_02d1811.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP