Inactive Google searches in Firefox get redirected

OLAnEEUU · Aug 24, 2010

I have had this issue for a while but it has gotten worse. Any google search result gets redirected or hijacked when I click on it. If I go back to the original search result link and click it again, then it takes me to the right page. This is annoying! Attached are my recent logs/scans.

crunchie · Aug 24, 2010

Hi and welcome to TechSpot forums

.

====

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste back here.

OLAnEEUU · Aug 24, 2010

OTL ran

Every time I boot up the computer I get a window that says "desktop" notepad and it gives the following code:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I turn it off, but I'd prefer to remove extraneous messages like these. Hopefully we can take care of these annoyances.

The OTL logs are attached (4X too long to be pasted into the message)

crunchie · Aug 24, 2010

crunchie said:
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste back here.
[/list]

Please read ALL instructions.

==

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:Files
C:\Program Files\csrss.exe
C:\WINDOWS\tasks\piquydjf.job
C:\WINDOWS\System32\bosybjqf.ini
C:\WINDOWS\System32\qnwsbptf.ini
C:\WINDOWS\System32\bvdoqhcr.ini
C:\WINDOWS\System32\vtjpdwaa.ini
C:\WINDOWS\System32\racutopm.ini
C:\WINDOWS\System32\uyerapoy.ini
C:\WINDOWS\System32\elahakaf.ini
C:\WINDOWS\System32\xusdsngm.ini
C:\WINDOWS\System32\egozuhom.ini
C:\WINDOWS\System32\xsukebxc.ini
C:\WINDOWS\System32\yGgfeMoq.ini2
C:\WINDOWS\System32\yGgfeMoq.ini
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\csrss.exe -- (QTUpdate)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\fecb.sys -- (fecb)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\2351022839d039ba5eb8c1b8d917bdab.sys -- (2351022839d039ba5eb8c1b8d917bdab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {19090308-636D-4e9b-A1CE-A647B6F794BF} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O20 - AppInit_DLLs: (nzajsx.dll) -  File not found
O20 - AppInit_DLLs: (ttvfgf.dll) -  File not found
O20 - AppInit_DLLs: (bcwivw.dll brgynz.dll) -  File not found
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\Max Spyware Detector\SDNotify.dll - C:\Program Files\Max Spyware Detector\SDNotify.dll File not found
:Commands
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post log from this run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OLAnEEUU · Aug 24, 2010

OTL fix run

I got the following result:

All processes killed
========== FILES ==========
File\Folder C:\Program Files\csrss.exe not found.
C:\WINDOWS\tasks\piquydjf.job moved successfully.
C:\WINDOWS\System32\bosybjqf.ini moved successfully.
C:\WINDOWS\System32\qnwsbptf.ini moved successfully.
C:\WINDOWS\System32\bvdoqhcr.ini moved successfully.
C:\WINDOWS\System32\vtjpdwaa.ini moved successfully.
C:\WINDOWS\System32\racutopm.ini moved successfully.
C:\WINDOWS\System32\uyerapoy.ini moved successfully.
C:\WINDOWS\System32\elahakaf.ini moved successfully.
C:\WINDOWS\System32\xusdsngm.ini moved successfully.
C:\WINDOWS\System32\egozuhom.ini moved successfully.
C:\WINDOWS\System32\xsukebxc.ini moved successfully.
C:\WINDOWS\System32\yGgfeMoq.ini2 moved successfully.
C:\WINDOWS\System32\yGgfeMoq.ini moved successfully.
========== OTL ==========
Service QTUpdate stopped successfully!
Service QTUpdate deleted successfully!
File C:\Program Files\csrss.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service fecb stopped successfully!
Service fecb deleted successfully!
File C:\WINDOWS\System32\fecb.sys not found.
Service 2351022839d039ba5eb8c1b8d917bdab stopped successfully!
Service 2351022839d039ba5eb8c1b8d917bdab deleted successfully!
File C:\WINDOWS\System32\2351022839d039ba5eb8c1b8d917bdab.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636D-4e9b-A1CE-A647B6F794BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nzajsx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:ttvfgf.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:bcwivw.dll brgynz.dll deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify\ scheduled to be deleted on reboot.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Ronald Oltmanns
->Flash cache emptied: 1351 bytes

User: Sweet Angela
->Flash cache emptied: 0 bytes

User: Sweet Boys

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ronald Oltmanns
->Temp folder emptied: 1890856 bytes
->Temporary Internet Files folder emptied: 8897165 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sweet Angela
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sweet Boys
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121940 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 50771712 bytes

Total Files Cleaned = 59.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.10.0 log created on 08242010_083201

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_820.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify\ scheduled to be deleted on reboot.

I'll run Quick Scan now and post in my next reply

OLAnEEUU · Aug 24, 2010

OTL second run

I tried to paste results from the second run into this message box, but the text was too long, so I'm doing this in parts. I am also attaching the report to this reply since it won't fit.

OTL logfile created on: 8/24/2010 8:40:44 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Ronald Oltmanns\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 101.47 Gb Free Space | 68.12% Space Free | Partition Type: NTFS
Drive D: | 60.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DV1-200709
Current User Name: Ronald Oltmanns
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 02:31:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\OTL.exe
PRC - [2010/08/04 23:00:50 | 000,424,632 | ---- | M] (Max Secure Software) -- C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/09 16:43:48 | 000,090,056 | ---- | M] (Max Secure Software) -- C:\Program Files\Max File Shredder\MFSSystemTray.exe
PRC - [2010/03/02 11:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/11 22:47:40 | 000,651,208 | ---- | M] (Max Secure Software www.maxpcsecure.com) -- C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
PRC - [2010/01/14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/18 05:30:12 | 002,200,576 | ---- | M] (1&1 Internet Inc) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 19:01:02 | 003,039,232 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\webdrive.exe
PRC - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/11/19 18:07:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/09/30 21:33:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/14 16:57:24 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2007/06/14 16:48:48 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2007/06/14 16:48:42 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2007/06/14 16:44:18 | 001,169,720 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe

========== Modules (SafeList) ==========

MOD - [2010/08/24 02:31:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/08/04 23:00:50 | 000,424,632 | ---- | M] (Max Secure Software) [Auto | Running] -- C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe -- (MaxWatchDogService)
SRV - [2010/08/04 23:00:34 | 000,409,784 | ---- | M] (Max Secure Software) [On_Demand | Stopped] -- C:\Program Files\Max Spyware Detector\MaxDSrv.exe -- (MaxDSrv)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2007/11/19 18:07:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/06/14 16:48:42 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/08/04 23:01:56 | 000,037,560 | ---- | M] (Max Secure Software) [Kernel | Auto | Stopped] -- C:\Program Files\Max Spyware Detector\MaxNpf.sys -- (MaxNPF)
DRV - [2010/08/04 23:01:54 | 000,031,416 | ---- | M] (Max Secure Software) [Kernel | System | Running] -- C:\Program Files\Max Spyware Detector\MaxProc.sys -- (MaxProc)
DRV - [2010/08/04 23:01:52 | 000,034,488 | ---- | M] (Max Secure Software) [Kernel | System | Running] -- C:\Program Files\Max Spyware Detector\SDManager.sys -- (SDManager)
DRV - [2010/08/04 23:01:52 | 000,030,392 | ---- | M] (Max Secure Software) [File_System | Auto | Running] -- C:\Program Files\Max Spyware Detector\MaxProtector.sys -- (MaxProtector)
DRV - [2010/08/04 23:01:50 | 000,032,952 | ---- | M] (Max Secure Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Max Spyware Detector\SDActMon.sys -- (SDActMon)
DRV - [2010/03/01 10:05:26 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/17 18:39:44 | 000,178,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2007/09/24 16:29:57 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/09/24 16:29:57 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/09/24 16:29:54 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/06/26 14:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/06/13 20:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 19:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 19:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | ---- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=62125&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/21 15:45:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/21 15:47:01 | 000,000,000 | ---D | M]

[2008/12/17 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Extensions
[2010/08/23 11:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions
[2009/07/07 13:49:03 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/08 09:38:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/04 13:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/06/16 08:48:39 | 000,000,000 | ---D | M] (AAdvantage eShoppingSM Toolbar) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{861d02ef-6fd9-4ce1-954a-90ee3a4de31c}
[2009/08/03 10:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/12/17 16:40:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Mozilla\Firefox\Profiles\betym3gv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/23 11:10:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 20:52:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/21 08:53:33 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/12/21 08:53:33 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/12/21 08:53:38 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/07/15 10:59:53 | 000,099,216 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/12/21 08:53:32 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

crunchie · Aug 24, 2010

Are you still being re-directed? If so, please do the following;

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

OLAnEEUU · Aug 24, 2010

OTL second run (part two)

O1 HOSTS File: ([2010/08/24 08:32:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MaxFileShredder] C:\Program Files\Max File Shredder\MFSSystemTray.exe (Max Secure Software)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLURC.exe (Max Secure Software)
O4 - HKLM..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe (Max Secure Software www.maxpcsecure.com)
O4 - HKLM..\Run: [SDActiveMonitor] C:\Program Files\Max Spyware Detector\MaxSDTray.exe (Max Secure Software)
O4 - HKLM..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Inc)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Ronald Oltmanns\Desktop\OTL.exe (OldTimer Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = Reg Error: Unknown registry data type File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ameritrade.com ([research] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dailygraphs.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: investors.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([wwws] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mcneillgroup.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (bcwivw.dll) - File not found
O20 - AppInit_DLLs: (brgynz.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\Max Spyware Detector\SDNotify.dll - C:\Program Files\Max Spyware Detector\SDNotify.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ronald Oltmanns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ronald Oltmanns\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4eeadacc-6e4e-47ba-be28-944a85e343fb} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\qoMefgGy) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{419ff059-72a9-11dc-a784-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{419ff059-72a9-11dc-a784-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{419ff05a-72a9-11dc-a784-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{419ff05a-72a9-11dc-a784-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{419ff05e-72a9-11dc-a784-001aa08f95d4}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{53f01ffe-6dc7-11dc-a780-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{53f01ffe-6dc7-11dc-a780-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7397bf4c-b1c8-11de-a818-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7397bf4c-b1c8-11de-a818-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8bdea642-5c48-11de-a804-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{8bdea642-5c48-11de-a804-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3c754a4-c6ed-11dd-a7c2-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{a3c754a4-c6ed-11dd-a7c2-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3c754a8-c6ed-11dd-a7c2-001aa08f95d4}\Shell - "" = AutoRun
O33 - MountPoints2\{a3c754a8-c6ed-11dd-a7c2-001aa08f95d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c09930eb-6ab9-11dc-a77c-001aa08f95d4}\Shell\AutoRun\command - "" = Autorun.exe /run
O33 - MountPoints2\{c09930eb-6ab9-11dc-a77c-001aa08f95d4}\Shell\Shell00\Command - "" = Autorun.exe /run
O33 - MountPoints2\{c09930eb-6ab9-11dc-a77c-001aa08f95d4}\Shell\Shell01\Command - "" = Autorun.exe /action
O33 - MountPoints2\{c09930eb-6ab9-11dc-a77c-001aa08f95d4}\Shell\Shell02\Command - "" = Autorun.exe /uninstall
O34 - HKLM BootExecute: (SDEarlyDelete) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 08:32:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/24 02:31:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\OTL.exe
[2010/08/23 14:47:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/23 14:47:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/23 13:24:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\TFC.exe
[2010/08/23 13:05:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/23 13:05:43 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/23 13:05:43 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/23 13:05:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/23 13:05:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/23 13:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/23 13:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/23 12:59:43 | 010,496,504 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\trojanremover682.exe
[2010/08/23 12:29:59 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/08/21 15:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/21 15:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/21 15:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/21 15:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/13 00:33:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/12 23:12:38 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\KillBox.exe
[2010/08/12 21:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/08/11 09:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald Oltmanns\My Documents\My Meetings
[2010/08/11 09:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald Oltmanns\Tracing
[2010/08/11 09:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/08/05 22:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/08/02 12:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ronald Oltmanns\Application Data\Amazon
[2010/08/02 12:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/07/25 21:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2007/09/24 16:28:53 | 107,095,136 | ---- | C] (Seagate) -- C:\Program Files\DiscWizardSetup.en.exe

========== Files - Modified Within 90 Days ==========

[2010/08/24 08:40:33 | 008,136,704 | -H-- | M] () -- C:\WINDOWS\System32\SecSigDB.BIN
[2010/08/24 08:40:33 | 000,450,000 | -H-- | M] () -- C:\WINDOWS\System32\NameDB.BIN
[2010/08/24 08:34:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 08:34:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 08:33:54 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/24 08:33:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 08:33:32 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 08:33:31 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 08:32:26 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\NTUSER.DAT
[2010/08/24 08:32:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ronald Oltmanns\ntuser.ini
[2010/08/24 08:32:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/08/24 02:31:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\OTL.exe
[2010/08/24 00:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 23:29:54 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E478F26C-FD79-4DEB-8832-FAE453CB129F}.job
[2010/08/23 15:17:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\Desktop\GMER.exe
[2010/08/23 14:47:51 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 13:24:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\TFC.exe
[2010/08/23 13:05:57 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/23 12:59:43 | 010,496,504 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\trojanremover682.exe
[2010/08/21 15:52:21 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/21 09:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/19 22:42:54 | 001,109,136 | ---- | M] (Max Secure Software) -- C:\WINDOWS\System32\CheckDll.dll
[2010/08/18 14:31:35 | 000,035,115 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\My Documents\Lesson27-OnTheRoadToMillionstranscript(PDF).pdf
[2010/08/13 09:30:36 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\Desktop\rkill.com
[2010/08/12 23:26:18 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\Desktop\regfix.reg
[2010/08/12 23:12:38 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Ronald Oltmanns\Desktop\KillBox.exe
[2010/08/12 21:14:45 | 000,384,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 21:09:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 21:08:31 | 000,574,930 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 21:08:31 | 000,493,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 21:08:31 | 000,091,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 21:05:42 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/05 22:29:11 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Max Spyware Detector.lnk
[2010/06/23 11:34:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/06 17:04:18 | 000,006,720 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\My Documents\install.php
[2010/06/03 15:36:59 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/28 10:40:43 | 000,044,585 | ---- | M] () -- C:\Documents and Settings\Ronald Oltmanns\My Documents\Rescue Helicopters Elevate Profits (Air Methods-forbes) 20091102.pdf

OLAnEEUU · Aug 24, 2010

Good news--I'm not being redirected anymore! Thanks.
But does that mean I'm clean?

Do you need me to paste the rest of the OTL2 log here (I was in the middle of doing that when I saw your reply)?

Should I go ahead with running the Bootkit Remover that you mentioned even though I'm not being redirected at the moment?

Thanks for the help and your guidance.

crunchie · Aug 24, 2010

You can leave my last request but do the following please;

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..

In Vista and Windows 7 run the tool as Administrator.

OLAnEEUU · Aug 24, 2010

JavaRa results

The JavaRa removal process was started on Tue Aug 24 18:49:44 2010

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_10

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_18

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Ronald Oltmanns\Application Data\Sun\Java\jre1.6.0_20

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\Classes\JavaPlugin.160_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_10

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_07

Found and removed: Software\Classes\JavaPlugin.160_10

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_10

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_07

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_10

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

crunchie · Aug 24, 2010

No worries. Looks like you are good to go, after you do this:

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

OLAnEEUU · Aug 24, 2010

Thanks

OTC ran and removed the apps on my desktop. It appears I'm clean.
I've been using Max Spyware Detector and thought I was being fairly careful. Do you suggest I keep using Max SD as well as the basic tools (TFC, Avira, MBAM) for weekly maintenance? Do I need to do anything else to close out this thread (I'm new here). Thanks again!

crunchie · Aug 24, 2010

First time I have heard of Max Spyware Detector, so I cannot comment on it.
Personally I would go with MBA_M for a malware cleaner.
Avira is a good AV and TFC is good for cleaning up extraneous files.

You are welcome.

Inactive Google searches in Firefox get redirected

OLAnEEUU

Posts: 18 +0

Attachments

crunchie

Posts: 728 +0

OLAnEEUU

Posts: 18 +0

Attachments

crunchie

Posts: 728 +0

OLAnEEUU

Posts: 18 +0

OLAnEEUU

Posts: 18 +0

Attachments

crunchie

Posts: 728 +0

OLAnEEUU

Posts: 18 +0

OLAnEEUU

Posts: 18 +0

crunchie

Posts: 728 +0

OLAnEEUU

Posts: 18 +0

crunchie

Posts: 728 +0

OLAnEEUU

Posts: 18 +0

crunchie

Posts: 728 +0

Similar threads

Latest posts