Solved: Firefox and Google keep redirecting

2nd log.

OTL logfile created on: 18/02/2012 23:37:50 - Run 5
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\P J\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.65% Memory free
4.22 Gb Paging File | 3.31 Gb Available in Paging File | 78.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52.73 Gb Total Space | 9.05 Gb Free Space | 17.16% Space Free | Partition Type: NTFS
Drive D: | 53.20 Gb Total Space | 7.51 Gb Free Space | 14.12% Space Free | Partition Type: FAT32
Drive F: | 483.72 Mb Total Space | 483.39 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: PJ | User Name: P J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 22:22:38 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\P J\Desktop\OTL.exe
PRC - [2012/01/20 18:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 07:01:32 | 003,380,632 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\Zonelabs\vsmon.exe
PRC - [2011/03/18 00:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/12/09 14:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009/07/22 14:49:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/14 03:42:24 | 000,409,600 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008/06/10 11:34:04 | 000,159,744 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008/06/05 09:45:24 | 000,352,256 | ---- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008/03/07 04:26:20 | 001,694,656 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2007/01/02 17:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2005/07/25 03:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 23:37:14 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/18 23:37:14 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/02/13 21:01:13 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/02/13 21:01:13 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2008/06/10 11:34:04 | 000,159,744 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2006/11/25 02:37:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2005/07/25 03:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (getPlus(R) Helper) getPlus(R)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/11 22:34:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 20:10:33 | 001,036,104 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/29 15:21:22 | 000,149,896 | ---- | M] (Microsoft ® Corporation) [Auto | Stopped] -- C:\Users\P J\IAG Remote Access Agent\webmailtflgovuk\webmail1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2011/03/18 00:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\Zonelabs\vsmon.exe -- (vsmon)
SRV - [2009/12/09 14:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/22 14:49:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2009/07/22 14:49:12 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTCC)
SRV - [2008/07/14 03:42:24 | 000,409,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008/06/05 09:45:24 | 000,352,256 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 09:59:44 | 000,122,512 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/02 17:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/11/17 10:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [Disabled | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006/10/26 08:29:42 | 000,074,008 | ---- | M] (OSA Technologies Inc., An Avocent Company) [Disabled | Stopped] -- C:\Acer\Empowering Technology\awServ.exe -- (AWService)
SRV - [2005/02/09 02:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/09 15:50:58 | 000,089,888 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDisMP)
DRV - [2010/06/24 13:52:08 | 000,028,256 | ---- | M] (Jaksta LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JakNDis.sys -- (JakNDis)
DRV - [2010/05/15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/20 18:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/06/30 20:08:49 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/19 20:37:29 | 000,046,864 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/06/19 20:37:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/06/19 20:37:27 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/07 13:24:27 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/10/18 23:29:40 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/08/20 15:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/02/16 00:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/04 00:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/11/29 05:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/27 16:36:12 | 000,847,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/11/25 02:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/09 00:56:42 | 000,010,944 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osanbm.sys -- (osanbm)
DRV - [2006/11/06 06:48:36 | 000,013,904 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osaio.sys -- (osaio)
DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/10/13 05:45:30 | 000,037,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/08/04 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/06 05:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/05/12 15:08:46 | 000,119,552 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aver7700.sys -- (aver7700)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/03 21:18:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/03 21:18:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\P J\AppData\Roaming\IDM\idmmzcc5 [2011/12/04 18:39:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\P J\AppData\Roaming\IDM\idmmzcc5 [2011/12/04 18:39:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/18 21:09:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMTray.exe] C:\Acer\Empowering Technology\amtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PJ
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EF374E6-F289-4B40-8ABF-9470AC7F7E70}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACE49B86-D212-43BF-83EB-E6EC10A4D5D9}: DhcpNameServer = 172.20.114.80 172.20.114.81 172.20.114.141
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\P J\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\P J\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 02:55:35 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/12 20:29:12 | 000,000,027 | -H-- | M] () - F:\Autorun.ini -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\P J\Desktop\logs 19 fe
[2012/02/18 23:29:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\P J\Desktop\TFC.exe
[2012/02/18 22:22:12 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\P J\Desktop\OTL.exe
[2012/02/18 21:20:00 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Local\temp
[2012/02/18 21:09:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/18 20:54:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/18 19:05:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/18 14:43:13 | 000,000,000 | ---D | C] -- C:\Users\P J\Desktop\Logs 18 Feb
[2012/02/18 14:42:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/17 17:36:23 | 004,406,994 | R--- | C] (Swearware) -- C:\Users\P J\Desktop\ComboFix.exe
[2012/02/17 00:10:13 | 000,000,000 | ---D | C] -- C:\Users\P J\Desktop\Logs 17 Feb
[2012/02/17 00:05:32 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\P J\Desktop\aswMBR.exe
[2012/02/16 19:48:56 | 000,000,000 | ---D | C] -- C:\Users\P J\Desktop\Logs 16 Feb
[2012/02/16 19:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/16 19:16:53 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/16 19:16:52 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/16 19:16:44 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/16 19:16:42 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/16 19:16:40 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/16 19:16:35 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/16 19:14:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/16 19:14:24 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/16 19:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/16 19:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/16 18:40:32 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\P J\Desktop\boot_cleaner.exe
[2012/02/15 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\P J\Desktop\New Folder
[2012/02/15 18:57:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/15 18:57:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/15 18:57:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/14 20:02:41 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/02/14 19:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/14 19:51:21 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\IObit
[2012/02/14 19:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/02/14 14:32:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/13 21:00:49 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/13 21:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/13 21:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/13 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/13 20:10:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/02/12 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/12 23:08:20 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/12 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\Malwarebytes
[2012/02/12 14:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/12 14:04:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/12 14:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/12 14:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/05 18:48:32 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\Nuance
[2012/02/05 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Dolphin
[2012/02/05 17:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012/02/05 10:21:32 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Roaming\Nokia Suite
[2012/02/03 21:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012/02/03 21:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/02/03 21:12:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/02/03 21:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/01/25 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\P J\Documents\My Streaming Media
[2012/01/23 20:53:27 | 000,000,000 | ---D | C] -- C:\Users\P J\AppData\Local\Google
[2012/01/21 12:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2012/01/21 12:43:18 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/01/21 01:59:20 | 000,000,000 | ---D | C] -- C:\inetpub
[2010/08/08 19:26:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2008/04/19 22:44:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\P J\AppData\Roaming\pcouffin.sys
[2003/05/30 21:36:24 | 000,438,272 | ---- | C] (Gabest) -- C:\Program Files\VSRip.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 23:36:01 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/02/18 23:34:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/18 23:33:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 23:33:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 23:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 23:32:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/18 23:29:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\P J\Desktop\TFC.exe
[2012/02/18 23:29:21 | 000,337,039 | ---- | M] () -- C:\Users\P J\Desktop\FSS.exe
[2012/02/18 23:28:40 | 000,869,194 | ---- | M] () -- C:\Users\P J\Desktop\SecurityCheck.exe
[2012/02/18 22:22:38 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\P J\Desktop\OTL.exe
[2012/02/18 21:09:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/18 19:14:08 | 000,086,016 | ---- | M] () -- C:\Users\P J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 17:57:15 | 000,000,990 | ---- | M] () -- C:\Users\P J\Desktop\Office Word 2007.lnk
[2012/02/17 17:36:23 | 004,406,994 | R--- | M] (Swearware) -- C:\Users\P J\Desktop\ComboFix.exe
[2012/02/17 00:08:18 | 000,568,832 | ---- | M] () -- C:\Users\P J\Desktop\BTKR_RunBox.exe
[2012/02/16 19:16:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/16 19:00:49 | 000,302,592 | ---- | M] () -- C:\Users\P J\Desktop\333t5my4.exe
[2012/02/15 17:09:15 | 000,383,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 15:33:43 | 000,002,479 | ---- | M] () -- C:\Users\P J\Desktop\HiJackThis.lnk
[2012/02/15 09:37:41 | 001,445,419 | ---- | M] () -- C:\Users\P J\Desktop\bookmarks.html
[2012/02/14 20:47:34 | 000,001,356 | ---- | M] () -- C:\Users\P J\AppData\Local\d3d9caps.dat
[2012/02/14 18:43:32 | 001,008,141 | ---- | M] () -- C:\Users\P J\Desktop\rkill.exe
[2012/02/13 21:09:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/12 23:24:04 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\P J\Desktop\aswMBR.exe
[2012/02/12 17:09:51 | 000,304,311 | ---- | M] () -- C:\Users\P J\AppData\Local\census.cache
[2012/02/12 17:09:33 | 000,251,969 | ---- | M] () -- C:\Users\P J\AppData\Local\ars.cache
[2012/02/12 16:45:01 | 000,000,036 | ---- | M] () -- C:\Users\P J\AppData\Local\housecall.guid.cache
[2012/02/05 20:08:42 | 000,689,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/05 20:08:42 | 000,136,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/30 21:07:44 | 000,002,621 | ---- | M] () -- C:\Users\P J\Desktop\Office Excel 2007.lnk
[2012/01/22 11:01:35 | 000,001,025 | ---- | M] () -- C:\Users\P J\AppData\Roaming\DVDSubEdit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 23:29:11 | 000,337,039 | ---- | C] () -- C:\Users\P J\Desktop\FSS.exe
[2012/02/18 23:28:38 | 000,869,194 | ---- | C] () -- C:\Users\P J\Desktop\SecurityCheck.exe
[2012/02/17 00:08:15 | 000,568,832 | ---- | C] () -- C:\Users\P J\Desktop\BTKR_RunBox.exe
[2012/02/16 19:00:47 | 000,302,592 | ---- | C] () -- C:\Users\P J\Desktop\333t5my4.exe
[2012/02/15 22:01:12 | 000,731,136 | ---- | C] () -- C:\Users\P J\Desktop\avenger.exe
[2012/02/15 18:57:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/15 18:57:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/15 18:57:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/15 18:57:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/15 18:57:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/15 09:37:39 | 001,445,419 | ---- | C] () -- C:\Users\P J\Desktop\bookmarks.html
[2012/02/14 18:43:25 | 001,008,141 | ---- | C] () -- C:\Users\P J\Desktop\rkill.exe
[2012/02/12 23:08:20 | 000,002,479 | ---- | C] () -- C:\Users\P J\Desktop\HiJackThis.lnk
[2012/02/12 17:09:51 | 000,304,311 | ---- | C] () -- C:\Users\P J\AppData\Local\census.cache
[2012/02/12 17:09:33 | 000,251,969 | ---- | C] () -- C:\Users\P J\AppData\Local\ars.cache
[2012/02/12 16:45:01 | 000,000,036 | ---- | C] () -- C:\Users\P J\AppData\Local\housecall.guid.cache
[2012/01/03 22:43:54 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2011/07/19 22:22:16 | 000,001,025 | ---- | C] () -- C:\Users\P J\AppData\Roaming\DVDSubEdit.ini
[2011/07/19 22:05:19 | 001,216,512 | ---- | C] () -- C:\Program Files\DVDSubEdit.exe
[2011/04/11 09:00:42 | 000,000,557 | ---- | C] () -- C:\Users\P J\AppData\Roaming\AutoGK.ini
[2011/04/10 19:14:22 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2011/03/29 21:33:28 | 000,000,000 | ---- | C] () -- C:\Users\P J\AppData\Roaming\er456541.ini
[2010/08/08 19:26:11 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2010/06/26 19:32:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2010/06/26 19:32:22 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2010/06/26 19:32:10 | 000,253,952 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2010/06/26 19:32:09 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2010/04/01 22:16:13 | 000,000,120 | ---- | C] () -- C:\Users\P J\AppData\Local\Iweruk.dat
[2010/04/01 22:16:13 | 000,000,000 | ---- | C] () -- C:\Users\P J\AppData\Local\Byiwex.bin
[2010/01/29 23:55:13 | 000,016,096 | ---- | C] () -- C:\Users\P J\AppData\Local\Schedule8.dat
[2009/08/09 17:21:20 | 000,000,054 | ---- | C] () -- C:\Users\P J\AppData\Roaming\burnaware.ini
[2009/01/10 00:33:43 | 000,000,073 | ---- | C] () -- C:\Users\P J\AppData\Roaming\LSV6.dat
[2008/04/19 22:44:34 | 000,007,887 | ---- | C] () -- C:\Users\P J\AppData\Roaming\pcouffin.cat
[2008/04/19 22:44:34 | 000,001,144 | ---- | C] () -- C:\Users\P J\AppData\Roaming\pcouffin.inf
[2008/04/16 00:11:11 | 000,001,356 | ---- | C] () -- C:\Users\P J\AppData\Local\d3d9caps.dat
[2008/04/02 16:43:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/01/18 01:32:23 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/01/18 00:49:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/01/18 00:37:00 | 000,007,974 | ---- | C] () -- C:\Users\P J\AppData\Roaming\UserTile.png
[2008/01/17 09:35:26 | 000,086,016 | ---- | C] () -- C:\Users\P J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2008/01/17 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Acer
[2010/11/07 17:22:08 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\avidemux
[2010/09/19 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\BackTalk
[2012/02/18 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\DMCache
[2008/10/26 11:38:47 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Gold Wave Editor
[2011/05/08 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\HandBrake
[2011/12/01 21:29:55 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\ICAClient
[2012/02/14 20:03:10 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\IDM
[2008/07/19 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Imagenomic
[2008/05/09 17:06:27 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\ImgBurn
[2012/01/15 16:39:22 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\ImTOO
[2012/02/14 23:14:20 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\IObit
[2011/01/13 21:35:50 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Jaksta
[2008/01/18 01:53:26 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\LEAPS
[2009/10/09 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Logs
[2010/11/06 23:18:11 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\mkvtoolnix
[2012/02/03 21:21:04 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Nokia
[2010/12/02 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Nokia Ovi Suite
[2012/02/05 10:21:32 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Nokia Suite
[2012/02/05 18:48:32 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Nuance
[2012/01/14 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\onOne Software
[2008/08/25 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\PanoramaStudio
[2010/05/11 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\PC Suite
[2008/01/18 00:37:00 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\PeerNetworking
[2008/01/18 01:51:33 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Pegasys Inc
[2008/02/25 03:07:40 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\proDAD
[2008/08/25 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\PTGui Pro
[2010/10/19 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Thinstall
[2012/01/21 00:48:28 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\Vso
[2008/07/04 00:13:22 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\WinAVI
[2010/10/29 23:32:52 | 000,000,000 | ---D | M] -- C:\Users\P J\AppData\Roaming\YouTube HD Transfer
[2012/02/13 21:09:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/02/18 23:32:42 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
checkup log

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SUPERAntiSpyware
CCleaner (remove only)
Adobe Flash Player 11.1.102.55
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````
 
fss log

Farbar Service Scanner Version: 14-02-2012
Ran by P J (administrator) on 18-02-2012 at 23:59:32
Running from "C:\Users\P J\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-06-08 21:02] - [2008-01-19 07:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-06-08 21:03] - [2008-01-19 05:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-01-13 21:42] - [2010-04-05 17:03] - 0902024 ____A (Microsoft Corporation) A6A02EF5B5E40FBD31A1ADC577DA54BB

C:\Windows\system32\dnsrslvr.dll
[2008-06-08 21:02] - [2008-01-19 07:34] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31

C:\Windows\system32\mpssvc.dll
[2008-06-08 21:04] - [2008-01-19 07:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2011-01-13 21:42] - [2010-04-05 16:28] - 0328704 ____A (Microsoft Corporation) 6A7F9DBFF69A04A05E85119A55BE0991

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-06-08 21:04] - [2008-01-19 07:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-06-08 21:03] - [2008-01-19 07:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-06-08 21:02] - [2008-01-19 07:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-06-08 21:04] - [2008-01-19 07:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-21 20:00] - [2008-04-18 05:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-06-08 21:02] - [2008-01-19 07:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-06-26 19:42] - [2009-03-03 04:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
 
ESET log

C:\Program Files\MagicDVDRipper\Keygen.exe probably a variant of Win32/Agent.KUXMIEN trojan
D:\Programmes\wedalbgold_frodo\Wedding Album Maker Gold v2.92\Wedding.Album.Maker.Gold.v.2.92\eclwa29a.exe probably a variant of Win32/Agent.EQDUVON trojan


It seems the redirections have stopped.
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (including Service Pack 2 installation!!!)

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: P J
->Temp folder emptied: 651557455 bytes
->Temporary Internet Files folder emptied: 13348363 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 634.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: P J
->Flash cache emptied: 0 bytes

User: Public

User: user

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: P J
->Java cache emptied: 0 bytes

User: Public

User: user

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.33.0 log created on 02192012_200325

Files\Folders moved on Reboot...
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PM.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PR.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PS.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PT.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PW.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\PY.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\QA.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RE.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RO.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RS.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RU.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\RW.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SA.gif not found!
File\Folder C:\Users\P J\AppData\Local\Temp\__SkypeIEToolbar_Cache\e70d95847a8f5723cfca6b3fd9946506\static\famfamfam\SB.gif not found!
File move failed. C:\Windows\S728858A8.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Way to go!!

Good luck and stay safe :)
 