TechSpot

[Pirated OS] System Check malware

Inactive
By Donjohnny
Mar 27, 2012
Topic Status:
Not open for further replies.
  1. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    When I say nothing I mean nothing.. however the computer does work harder for a short period. I have watched Task Manager and it does not show a new process starting up. I can boot into normal mode just fine. I can get on the internet with the computer, access word docs, etc. I can access every program I have tried other than the ones you ask me to open it seems. I can boot into normal mode without problem. I still have a google redirect virus and something else is lurking in the shadows. This completely befuddles me.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Back to your first post: the files on your desktop which was new: C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> 2496 -> Delete on reboot. had 2 entries removed in Mbam. But anytime there is a Backdoor in the malware, deleting 1 or 2 entries will not guarantee the this malware is gone.

    There is a possibility the the system may have been compromised.
    ==============================
    Run this small scan and see if it allows the .exe files to work:

    Download a Registry file that will fix these changes.
    Please download FixNCR.reg and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.
    • Insert the removable device into the infected computer and open the folder the drive letter associated with it.(Usually C)
    • Double click the FixNCR.reg file
    • You should now be able to run the .exe files.
  3. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    I downloaded FixNCR.reg to a flash drive on a safe computer.
    Started in safe mode w/ networking as admin.
    inserted flash drive into computer, opened explorer then double clicked on the the FixNCR.reg. It asked if I "want to add the information in F://Nfix NCR.reg to the registry"
    I clicked yes.
    The program ran then I went and tried to run RKill >run as> administrator.
    RKill failed to run so I restarted the computer back into safe mode w/ networking. I then ran RKill as administrator with no problems and then inserted falsh drive into computer, opened explorer then double clicked on the the FixNCR.reg. It asked if I "want to add the information in F://Nfix NCR.reg to the registry"
    I clicked yes.
    I then double clicked on TDSSKiller and attempted to run it as I watch Task Manager. I saw no hint of the computer attempting to run TDSSKiller. It did not show a new process and I waited several minutes.

    Did I run FixNCR correctly?
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    What is the status of antivirus program now? Please make sure there is an AV program on the system- even if you have to disable it to run a scan you need to have an AV.
    --------------------------
    If you ran the App Remover for AVG and it's still off, please make sure one of the following is on the system:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    Note: If you did not remove AVG or if you did but put it back on the system, do not add one f the above.
    ========================================
    Boot into Normal Mode:

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ========================================
    Run the following in Normal Mode:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Run the following in Normal Mode:
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    =======================================
    Is this icon still on the deskstop? From Mbam:
    C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> Delete on reboot.
  5. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    I am using COMODO for anti virus.
    "C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe" icon is still on the desktop and toolbar.

    I performed all scans in normal mode. I was never asked to reboot so the computer stayed on between scans.
  6. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    Malwarebytes' Anti-Malware 1.38
    Database version: 2297
    Windows 5.1.2600 Service Pack 3

    7/12/2009 8:12:28 AM
    mbam-log-2009-07-12 (08-12-28).txt

    Scan type: Quick Scan
    Objects scanned: 94491
    Time elapsed: 5 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  7. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    ESET
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\32\43fbc220-69c056ab multiple threats
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\46\2fe44d2e-27df7d28 multiple threats
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\63\173fc6bf-66a01941 multiple threats
  8. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    OTL logfile created on: 4/7/2012 11:34:58 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TimH\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.96 Mb Total Physical Memory | 225.28 Mb Available Physical Memory | 25.17% Memory free
    1.59 Gb Paging File | 0.76 Gb Available in Paging File | 48.18% Paging File free
    Paging file location(s): C:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.15 Gb Total Space | 39.65 Gb Free Space | 42.57% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA_P35-S60 | User Name: TimH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\TimH\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)
    PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
    PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
    PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
    PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
    PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
    MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.9pzso_ok.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\GuiListener\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\CRF\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS_RES.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLANG.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
    MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
    SRV - (Autodesk Data Management Job Dispatch) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
    SRV - (Autodesk EDM Server) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
    SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
    DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\TimH\LOCALS~1\Temp\catchme.sys File not found
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (GoProto) -- C:\WINDOWS\system32\drivers\goprot51.sys (Gteko Ltd.)
    DRV - (ser2plms) -- C:\WINDOWS\system32\drivers\ser2plms.sys (Prolific Technology Inc.)
    DRV - (AR5211) -- C:\WINDOWS\system32\drivers\SHP5211.sys (Atheros Communications, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
    DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
    DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)
    DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {93C88016-6213-460F-ADAF-5FD1532C0322}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{93C88016-6213-460F-ADAF-5FD1532C0322}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.osu.edu"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledItems: addonssidebar@studio17.wordpress.com:3.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 19:52:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/15 19:52:43 | 000,000,000 | ---D | M]

    [2008/09/11 10:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Extensions
    [2012/03/22 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions
    [2011/02/18 20:39:14 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2012/01/06 17:57:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/16 19:02:33 | 000,000,000 | ---D | M] (Add-ons Sidebar) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\addonssidebar@studio17.wordpress.com
    [2010/09/28 14:03:16 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\searchplugins\bing.xml
    [2007/11/03 09:49:22 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\searchplugins\mozilla-add-ons.xml
    [2012/03/22 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/21 17:37:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/17 18:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/26 19:38:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/05 23:27:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/18 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/20 20:30:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/28 17:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    [2009/03/05 20:45:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/09/02 05:28:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Interface File.lnk = C:\EPICXL\Agcosi_eu.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165632870640 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271F40DA-7CFC-4A07-A55E-1C669BEC51B7}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\TimH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TimH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/08 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell - "" = AutoRun
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell\AutoRun\command - "" = E:\laucher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/07 11:32:47 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTL.exe
    [2012/04/07 09:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/07 09:17:19 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\TimH\Desktop\esetsmartinstaller_enu.exe
    [2012/04/01 10:52:57 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\TimH\Desktop\unhide.exe
    [2012/03/31 11:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/31 11:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2012/03/31 10:54:45 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012/03/29 19:20:19 | 004,448,838 | R--- | C] (Swearware) -- C:\Documents and Settings\TimH\Desktop\ComboFix.exe
    [2012/03/29 17:14:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/29 17:13:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/03/29 17:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2012/03/29 17:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
    [2012/03/29 17:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2012/03/29 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    [2012/03/29 17:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/03/29 16:07:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/03/27 21:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2012/03/27 19:43:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\TimH\Desktop\dds.exe
    [2012/03/27 19:15:23 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\TimH\Desktop\AppRemover.exe
    [2012/03/26 18:59:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\TimH\Recent
    [2012/03/25 10:11:04 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/03/23 18:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TimH\Start Menu\Programs\System Check
    [2012/03/11 21:13:48 | 000,097,760 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2012/03/11 21:13:46 | 000,494,968 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2012/03/11 21:13:46 | 000,031,704 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2012/03/11 21:13:44 | 000,018,056 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2012/03/11 21:13:20 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/07 11:32:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTL.exe
    [2012/04/07 11:23:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1606980848-725345543-1003UA.job
    [2012/04/07 09:17:28 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\TimH\Desktop\esetsmartinstaller_enu.exe
    [2012/04/07 07:23:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/07 07:23:25 | 000,129,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2012/04/07 06:41:26 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/04/05 19:30:19 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\Google Chrome.lnk
    [2012/04/05 18:03:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/03 17:26:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/01 11:07:51 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\iExplore.exe
    [2012/04/01 10:52:59 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\TimH\Desktop\unhide.exe
    [2012/03/31 12:12:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/29 19:20:19 | 004,448,838 | R--- | M] (Swearware) -- C:\Documents and Settings\TimH\Desktop\ComboFix.exe
    [2012/03/29 17:06:47 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2012/03/29 17:06:03 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/03/29 17:06:03 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/03/29 17:05:42 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/03/29 16:59:09 | 000,127,547 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\setup_av_free.exe
    [2012/03/28 18:59:03 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\TimH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/28 16:23:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1606980848-725345543-1003Core.job
    [2012/03/27 19:44:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\TimH\Desktop\dds.exe
    [2012/03/27 19:15:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\TimH\Desktop\AppRemover.exe
    [2012/03/26 19:12:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\h94rnms4.exe
    [2012/03/23 18:30:56 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
    [2012/03/23 18:30:56 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
    [2012/03/23 18:17:46 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/03/23 18:17:46 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\System Check.lnk
    [2012/03/23 18:17:37 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq
    [2012/03/15 19:56:46 | 000,488,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/15 19:56:45 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/14 16:09:31 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/13 22:11:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/11 21:13:48 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2012/03/11 21:13:46 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2012/03/11 21:13:46 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2012/03/11 21:13:44 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
    [2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2012/03/11 21:13:20 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/01 11:07:47 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\iExplore.exe
    [2012/03/31 11:30:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/31 11:06:44 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/03/29 17:10:41 | 000,129,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2012/03/29 17:06:47 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2012/03/29 17:06:03 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/03/29 17:06:03 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/03/29 17:05:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/03/29 16:59:23 | 000,127,547 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\setup_av_free.exe
    [2012/03/26 19:12:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\h94rnms4.exe
    [2012/03/26 16:54:11 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/03/26 16:54:11 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2007 with GPS Locator.lnk
    [2012/03/26 16:54:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/03/26 16:54:11 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2012/03/26 16:54:11 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 7.0.lnk
    [2012/03/26 16:54:11 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to compupic.exe.lnk
    [2012/03/26 16:54:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/03/26 16:54:10 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
    [2012/03/26 16:54:10 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update.lnk
    [2012/03/26 16:54:10 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Interface File.lnk
    [2012/03/26 16:54:09 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2012/03/26 16:54:09 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2012/03/26 16:54:08 | 000,002,437 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2007 with GPS Locator.lnk
    [2012/03/26 16:53:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/03/23 18:30:56 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
    [2012/03/23 18:30:56 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
    [2012/03/23 18:17:46 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\System Check.lnk
    [2012/03/23 18:17:37 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq
    [2012/02/17 17:11:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/04 17:29:40 | 000,001,611 | ---- | C] () -- C:\WINDOWS\apcs_bak.ini
    [2011/11/04 16:55:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2011/11/04 16:52:01 | 000,002,034 | ---- | C] () -- C:\WINDOWS\apcs.ini
    [2011/08/05 04:57:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI

    ========== LOP Check ==========

    [2007/10/06 08:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/03/14 23:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/03/29 19:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2011/11/04 16:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2007/10/13 08:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/09/19 09:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/09/11 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\acccore
    [2007/10/03 06:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Ansys
    [2007/11/10 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Autodesk
    [2011/11/04 16:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\DAEMON Tools Lite
    [2008/12/30 17:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\GARMIN
    [2007/09/30 17:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Image Zone Express
    [2006/12/08 23:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Leadertech
    [2006/12/10 03:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\OfficeUpdate12
    [2007/09/05 20:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Printer Info Cache
    [2009/08/30 09:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX2\procs\explorer.exe
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX3\procs\explorer.exe
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX6\procs\explorer.exe
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX7\procs\explorer.exe
    [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\TimH\Local Settings\temp\RarSFX1\procs\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX2\h\explorer.exe
    [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX3\h\explorer.exe
    [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX6\h\explorer.exe
    [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX7\h\explorer.exe
    [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\TimH\Local Settings\temp\RarSFX1\h\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
    [2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX2\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX3\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX6\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX7\userinit.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\TimH\Local Settings\temp\RarSFX1\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX2\winlogon.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX3\winlogon.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX6\winlogon.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX7\winlogon.exe
    [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\TimH\Local Settings\temp\RarSFX1\winlogon.exe
    [2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
    [2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
  9. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    OTL Extras logfile created on: 4/7/2012 11:34:58 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TimH\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.96 Mb Total Physical Memory | 225.28 Mb Available Physical Memory | 25.17% Memory free
    1.59 Gb Paging File | 0.76 Gb Available in Paging File | 48.18% Paging File free
    Paging file location(s): C:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.15 Gb Total Space | 39.65 Gb Free Space | 42.57% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA_P35-S60 | User Name: TimH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
    "{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
    "{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
    "{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5783F2D7-6013-0409-0002-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2008
    "{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}" = Autodesk Data Management Server 2008
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
    "{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
    "{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A3DDA019-40B7-491C-AC88-62B94491FE8A}" = TouchPad On/Off Utility
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
    "{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B6C1C65F-EE1C-4E45-8112-422693F22FD4}" = Diskeeper Professional Premier Edition
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 with GPS Locator
    "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D29092CC-0AD2-7B53-A090-4CC3D33A1033}" = Nero 7 Demo
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}" = HP Smart Web Printing 1.0
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
    "{F9450605-65E7-45E4-B071-BD759E10F072}" = TOSHIBA Hotkey Utility
    "{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Agco CD-ROM 2000" = Agco CD-ROM 2000
    "All ATI Software" = ATI - Software Uninstall Utility
    "AOEMView 2008" = AOEMView 2008
    "ATI Display Driver" = ATI Display Driver
    "Autodesk Data Management Server 2008" = Autodesk Data Management Server 2008
    "Autodesk Mechanical Desktop 2008" = Autodesk Mechanical Desktop 2008
    "Autodesk Vault 2008" = Autodesk Vault 2008
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Defender Pro PC Tune-up and Repair" = Defender Pro PC Tune-up and Repair
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1045)
    "ESET Online Scanner" = ESET Online Scanner v3
    "Hatfield-McCoy Trails" = Hatfield-McCoy Trails
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A3DDA019-40B7-491C-AC88-62B94491FE8A}" = TouchPad On/Off Utility
    "InstallShield_{F9450605-65E7-45E4-B071-BD759E10F072}" = TOSHIBA Hotkey Utility
    "John Deere American Farmer Deluxe_is1" = John Deere American Farmer Deluxe
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MatlabR2007a" = MATLAB R2007a
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "us army in iraq Screen Saver" = us army in iraq Screen Saver
    "VLC media player" = VLC media player 1.1.8
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "bd155ea3776e7403" = tire_sizes
    "Google Chrome" = Google Chrome
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/27/2012 8:19:12 PM | Computer Name = TOSHIBA_P35-S60 | Source = Autodesk Data Management Job Dispatch | ID = 0
    Description = JobService.ExecuteJob() failure. JobTimer Id: d313d634-da61-4d7e-b750-cb07e20998e9
    The
    request failed with HTTP status 400: Bad Request.

    Error - 3/27/2012 8:22:14 PM | Computer Name = TOSHIBA_P35-S60 | Source = Autodesk Data Management Job Dispatch | ID = 0
    Description = JobService.ExecuteJob() failure. JobTimer Id: d313d634-da61-4d7e-b750-cb07e20998e9
    The
    operation has timed out

    Error - 3/27/2012 8:32:44 PM | Computer Name = TOSHIBA_P35-S60 | Source = Application Error | ID = 1000
    Description = Faulting application avgwdsvc.exe, version 9.0.0.832, faulting module
    avgwd.dll, version 9.0.0.926, fault address 0x000594c6.

    Error - 3/29/2012 6:08:18 PM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 3/29/2012 6:08:18 PM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 3/31/2012 11:54:45 AM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>
    with error: A connection with the server could not be established

    Error - 3/31/2012 11:54:45 AM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>
    with error: This network connection does not exist.

    Error - 3/31/2012 11:54:46 AM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>
    with error: This network connection does not exist.

    Error - 3/31/2012 11:54:46 AM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>
    with error: This network connection does not exist.

    Error - 3/31/2012 11:54:51 AM | Computer Name = TOSHIBA_P35-S60 | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 4/3/2012 6:22:39 PM | Computer Name = TOSHIBA_P35-S60 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cmdGuard Fips intelppm SrvcEKIOMngr SrvcSSIOMngr SrvcTPIOMngr

    Error - 4/3/2012 6:23:58 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/3/2012 6:24:07 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 4/3/2012 6:38:33 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/3/2012 6:40:26 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/3/2012 6:41:01 PM | Computer Name = TOSHIBA_P35-S60 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cmdGuard Fips intelppm SrvcEKIOMngr SrvcSSIOMngr SrvcTPIOMngr

    Error - 4/3/2012 6:44:25 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 4/3/2012 6:57:45 PM | Computer Name = TOSHIBA_P35-S60 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/4/2012 6:32:10 PM | Computer Name = TOSHIBA_P35-S60 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Autodesk Data Management
    Job Dispatch service to connect.

    Error - 4/4/2012 6:32:10 PM | Computer Name = TOSHIBA_P35-S60 | Source = Service Control Manager | ID = 7000
    Description = The Autodesk Data Management Job Dispatch service failed to start
    due to the following error: %%1053


    < End of report >
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Directions in the first Mbam clearly said:
    Malwarebytes:
    Files Detected: 3
    C:\Documents and Settings\All Users\Application Data\rSkVSbFvavfCaY.exe (Rogue.FakeHDD) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe (Backdoor.Agent.RCGen) -> Delete on reboot.

    You didn't reboot so the files remained on the desktop.
    ==========================================
    You have 7 outdated versions of Java. That's why Eset has found the multiple threats in the Java cache:
    Please update Java: Java Updates .
    Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
    ==========================================
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Note: Do not leave this log.
    ===========================================
    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\32\43fbc220-69c056ab 
      C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\46\2fe44d2e-27df7d28 
      C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\63\173fc6bf-66a01941 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =============================================
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. [​IMG] The Java Control Panel appears.
      [​IMG]
      [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
      [​IMG]
      [4] Click Delete Files.The Delete Temporary Files dialog box appears.
      [​IMG]
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===========================================
    I'll try to check the OTL logs later. If don't get back tonight, I will continue on Monday as I won't be online tomorrow, Easter Sunday.
  11. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    I do not recall Malbytes asking to restart, however I must have over looked it.

    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\32\43fbc220-69c056ab moved successfully.
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\46\2fe44d2e-27df7d28 moved successfully.
    C:\Documents and Settings\TimH\Application Data\Sun\Java\Deployment\cache\6.0\63\173fc6bf-66a01941 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 7214820 bytes
    ->Temporary Internet Files folder emptied: 46169107 bytes
    ->Flash cache emptied: 1488 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Drivers

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 623072 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: TimH
    ->Temp folder emptied: 1275081841 bytes
    ->Temporary Internet Files folder emptied: 5467298 bytes
    ->Java cache emptied: 8786707 bytes
    ->Google Chrome cache emptied: 14293778 bytes
    ->Flash cache emptied: 2169862 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 27095879 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92270360 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 317797 bytes
    RecycleBin emptied: 4608292 bytes

    Total Files Cleaned = 1,418.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 04072012_191032

    Files moved on Reboot...
    File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_974.dat not found!
    File C:\Documents and Settings\TimH\Local Settings\Temp\Perflib_Perfdata_5b4.dat not found!

    Registry entries deleted on Reboot...
     
  12. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    Should I re run Malbytes and remove the virus files on reboot?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you run OTM after Malwarebytes, then reboot? If so, that should handle it. If you see 'delete or remove on reboot' in a scan, then please reboot after the scan unless I have told you specifically not to boot.
  14. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    Yesterday I ran Malbytes and removed the two files. I think I ran OTM after malbytes on the 8th however I do not remember.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.14.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    TimH :: TOSHIBA_P35-S60 [administrator]
    4/14/2012 9:29:54 AM
    mbam-log-2012-04-14 (09-29-54).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 466688
    Time elapsed: 1 hour(s), 31 minute(s), 18 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\RECYCLER\S-1-5-21-1482476501-1606980848-725345543-1003\Dc1.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1606980848-725345543-1003\Dc2.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
    (end)
  15. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    I have tried to edit the post above but can not. I ran OTM after Malbytes However I can not remember If I shut the computer down first or left it running between scans.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    From OTM: Total Files Cleaned = 1,418.00 mb. This is way too many unneeded files to be on the system. Please set up a regular maintenance schedule and follow it.
    ------------------------------------------
    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\*.tmp files -> C:\*.tmp -> ]
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      [2012/03/25 10:11:04 | 000,000,000 | -HSD | C] -- C:\found.000
      [2012/03/29 16:59:09 | 000,127,547 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\setup_av_free.exe
      [2012/03/26 19:12:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\h94rnms4.exe
      [2012/03/23 18:30:56 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
      [2012/03/23 18:30:56 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
      [2012/03/23 18:17:46 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/03/23 18:17:46 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\System Check.lnk
      [2012/03/23 18:17:37 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq
      [2012/03/15 19:56:46 | 000,488,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2012/03/15 19:56:45 | 000,089,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2012/03/31 11:06:44 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/03/29 16:59:23 | 000,127,547 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\setup_av_free.exe
      [2012/03/26 19:12:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\h94rnms4.exe
      [2012/03/23 18:30:56 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
      [2012/03/23 18:30:56 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
      [2012/03/23 18:17:46 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\System Check.lnk
      [2012/03/23 18:17:37 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq
      [2009/08/30 09:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Viewpoint
      [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX2\h\explorer.exe
      [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX3\h\explorer.exe
      [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX6\h\explorer.exe
      [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\temp\RarSFX7\h\explorer.exe
      [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\TimH\Local Settings\temp\RarSFX1\h\explorer.exe
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "HijackThis" 
      :Files
      C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq.exe 
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ===================================================
    If you have updated Java as instructed and run Java Ra, open each browser> Tools> Manage Addons> in the Extensions, plugins and Java Console sections, highlight and remove ALL Java except for Java v6u31.
    ==================================================
    There are entries now in the Recycler that need to be removed:

    Although Mbam says it deleted these entries, it cannot actually delete the Recycler folder contents- that has to be done manually
    Note in the above: This is the identification number (SID) of the account with the entries to be removed:

    S-1-5-21-1482476501-1606980848-725345543-1003
    -----------------------------------
    The Recycler folder is a hidden folder where the files you delete are stored, until you empty the Recycle Bin on NTFS partition.

    The Recycler folder contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID).Example: S-1-5-21-330564415-2671475969-752554860-1006

    Note: The Reycle Bin on the Desktop must be empty. Close any running programs

    1.Clear the Recycler using Command Prompt
    1. Click on Start> Run> type in cmd> (OS version dependent)> enter
    2. Right-click cmd.exe> click Run as administrater> Continue
    3. At the elevated command prompt type> rd /s /q c:\recycler
      Note: If C is not the Hard Drive letter, change the c in the entry to the Drive letter.
    4. Windows will create a new recycler for the drive when the computer is rebooted.
    OR
    2.Clear the Recycler using Windows Explorer
    1. Right click on Start> Explore> Computer> Local Drive
    2. Go to Tools> Folder Options> View tab
    3. Check 'show hidden files and folders
    4. Uncheck 'hide protected systeem files (Recommended)
    5. Click Yes to confirm
    6. Double click C Drive> Scroll down to and double click on the Recycler
    7. Highlight all the files> Hold shift and press the Delete key

    Reset the Hidden files and folders
    • Go back to Folder Options> View tab[/u]
      • Check 'do not show hidden files and folders'
      • Recheck 'hide proected systm files' (Recommended)
      • Click on OK> Apply> OK> Exit Windows Explorer.
      -------------------------------
      Do not be upset if emptying the Recycler doesn't work. Sometimes it won't even when everything it done right. The contents will eventually be overwritted.
      =====================================================
      Reboot the computer.
      ====================================================
      Let me know how the system is doing and what symptoms of the malware remain, if any.
  17. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    OTL got stuck at (processing Registry data "Hijack This"....)
    After an hour I shut the computer down. I retried but it then did it again. The computer did not freeze it just never got past the Hijack stage.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Boot into Safe Mode - just plain Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    ---------------------------------
    Using Windows key + E> open Windows Explorer> the do the following:

    Show Hidden Folders/Files
      • Go to Tools > Folder Options.
      • Select the View tab.
      • Scroll down to Hidden files and folders.
      • Select Show hidden files and folders.
      • Uncheck Hide extensions of known file types.
      • Uncheck Hide protected operating system files (Recommended).
      • Click Yes when prompted.
      • Click OK.
      ---------------------------------------------------.
      Go to Documents & Settings for All users> Application Data> Look for each of the following and do a RIGHT click> Delete>
      C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
      C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
      C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq

      Now go to Documents & Settings forTimH> Desktop> Find the following and do a RIGHT click> Delete>
      C:\Documents and Settings\TimH\Desktop\System Check.lnk

      Go back to Tools> Folder Options> View tab> Check 'don't show hidden files & folders'> Check 'Hide protected system files & folders (Recommended)'

      Close Windows Explorer. Reboot the computer into Normal Mode.
      =================================
      Let me know as clearly as possible what problems remain.
  19. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    When I went to delete the files you listed:
    C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pq
    C:\Documents and Settings\All Users\Application Data\~1gKeUlddAhu4pqr
    C:\Documents and Settings\All Users\Application Data\1gKeUlddAhu4pq
    they where gone. I suspect that OLT ran long enough to dispose of them. I noticed that when I booted up in normal mode that the shortcuts on the desktop and toolbar were gone.
    I then booted into normal mode and ran a quick OTL scan.
    I then cleared the Recycler. The file you wanted me to delete would not. However it had disappeared after I restarted the computer.
    I still have a google redirect virus. I can search google without a problem. However whan I click on a link it redirects me. It attempted to download something however IE asked if i wanted to download a program so I stopped it.
  20. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    OTL logfile created on: 4/18/2012 6:22:16 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\TimH\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.96 Mb Total Physical Memory | 352.54 Mb Available Physical Memory | 39.39% Memory free
    1.59 Gb Paging File | 1.10 Gb Available in Paging File | 69.47% Paging File free
    Paging file location(s): C:\pagefile.sys 800 800 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.15 Gb Total Space | 40.04 Gb Free Space | 42.99% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA_P35-S60 | User Name: TimH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\TimH\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)
    PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
    PRC - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
    PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
    PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
    PRC - C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
    PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
    MOD - C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Adaptor.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\GuiListener\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\Socket\Export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\Export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\RemoteDesktop\ShHook.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\CRF\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\export.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\Components\Core\EventMonitor\EventMonitor.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS_RES.dll ()
    MOD - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLANG.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
    SRV - (Autodesk Data Management Job Dispatch) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
    SRV - (Autodesk EDM Server) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
    SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
    DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\TimH\LOCALS~1\Temp\catchme.sys File not found
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (GoProto) -- C:\WINDOWS\system32\drivers\goprot51.sys (Gteko Ltd.)
    DRV - (ser2plms) -- C:\WINDOWS\system32\drivers\ser2plms.sys (Prolific Technology Inc.)
    DRV - (AR5211) -- C:\WINDOWS\system32\drivers\SHP5211.sys (Atheros Communications, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
    DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
    DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)
    DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {93C88016-6213-460F-ADAF-5FD1532C0322}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{93C88016-6213-460F-ADAF-5FD1532C0322}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.osu.edu"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledItems: addonssidebar@studio17.wordpress.com:3.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/15 19:52:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/15 19:52:43 | 000,000,000 | ---D | M]

    [2008/09/11 10:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Extensions
    [2012/03/22 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions
    [2011/02/18 20:39:14 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2012/01/06 17:57:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/16 19:02:33 | 000,000,000 | ---D | M] (Add-ons Sidebar) -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\extensions\addonssidebar@studio17.wordpress.com
    [2010/09/28 14:03:16 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\searchplugins\bing.xml
    [2007/11/03 09:49:22 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Mozilla\Firefox\Profiles\ydi713l2.default\searchplugins\mozilla-add-ons.xml
    [2012/04/16 19:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/21 17:37:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/17 18:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/26 19:38:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/05 23:27:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/18 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/20 20:30:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/04/07 18:57:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/04/07 18:56:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/09/02 05:28:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/04/07 18:56:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Interface File.lnk = C:\EPICXL\Agcosi_eu.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165632870640 (WUWebControl Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\TimH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TimH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/08 20:05:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell - "" = AutoRun
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2b1ad084-60da-11df-a3ef-000fb084483e}\Shell\AutoRun\command - "" = E:\laucher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/17 16:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/04/16 22:03:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TimH\Recent
    [2012/04/07 19:10:32 | 000,000,000 | ---D | C] -- C:\_OTM
    [2012/04/07 19:09:44 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTM.exe
    [2012/04/07 19:06:39 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\TimH\Desktop\JavaRa.exe
    [2012/04/07 11:32:47 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTL.exe
    [2012/04/07 09:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/04/07 09:17:19 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\TimH\Desktop\esetsmartinstaller_enu.exe
    [2012/04/01 10:52:57 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\TimH\Desktop\unhide.exe
    [2012/03/31 11:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/31 11:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
    [2012/03/31 10:54:45 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012/03/29 19:20:19 | 004,448,838 | R--- | C] (Swearware) -- C:\Documents and Settings\TimH\Desktop\ComboFix.exe
    [2012/03/29 17:14:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/29 17:13:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/03/29 17:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2012/03/29 17:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
    [2012/03/29 17:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2012/03/29 17:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
    [2012/03/29 17:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/03/29 16:07:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/03/27 21:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2012/03/27 19:43:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\TimH\Desktop\dds.exe
    [2012/03/27 19:15:23 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\TimH\Desktop\AppRemover.exe
    [2012/03/23 18:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TimH\Start Menu\Programs\System Check

    ========== Files - Modified Within 30 Days ==========

    [2012/04/18 18:23:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1606980848-725345543-1003UA.job
    [2012/04/18 18:21:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/18 18:20:45 | 000,129,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2012/04/18 16:23:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1606980848-725345543-1003Core.job
    [2012/04/17 20:34:43 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\TimH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/17 17:41:49 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/04/15 21:29:02 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\Google Chrome.lnk
    [2012/04/14 09:28:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/13 17:27:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/11 20:15:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/10 19:51:38 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2007 with GPS Locator.lnk
    [2012/04/07 19:09:49 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTM.exe
    [2012/04/07 19:05:54 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\JavaRa.zip
    [2012/04/07 11:32:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TimH\Desktop\OTL.exe
    [2012/04/07 09:17:28 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\TimH\Desktop\esetsmartinstaller_enu.exe
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/03 17:26:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/04/01 11:07:51 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\TimH\Desktop\iExplore.exe
    [2012/04/01 10:52:59 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\TimH\Desktop\unhide.exe
    [2012/03/31 12:12:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/29 19:20:19 | 004,448,838 | R--- | M] (Swearware) -- C:\Documents and Settings\TimH\Desktop\ComboFix.exe
    [2012/03/29 17:06:47 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2012/03/29 17:06:03 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/03/29 17:06:03 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/03/29 17:05:42 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/03/27 19:44:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\TimH\Desktop\dds.exe
    [2012/03/27 19:15:23 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\TimH\Desktop\AppRemover.exe

    ========== Files Created - No Company Name ==========

    [2012/04/14 09:28:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/07 19:06:39 | 000,309,308 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\JavaRa.def
    [2012/04/07 19:06:39 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Nederlands.lng
    [2012/04/07 19:06:39 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Français.lng
    [2012/04/07 19:06:39 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Español.lng
    [2012/04/07 19:06:39 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Italiano.lng
    [2012/04/07 19:06:39 | 000,002,699 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Deutsch.lng
    [2012/04/07 19:06:39 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\Suomi.lng
    [2012/04/07 19:05:53 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\JavaRa.zip
    [2012/04/01 11:07:47 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\TimH\Desktop\iExplore.exe
    [2012/03/31 11:30:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/29 17:10:41 | 000,129,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2012/03/29 17:06:47 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Antivirus.lnk
    [2012/03/29 17:06:03 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2012/03/29 17:06:03 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO GeekBuddy.lnk
    [2012/03/29 17:05:42 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    [2012/03/26 16:54:11 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2012/03/26 16:54:11 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Streets & Trips 2007 with GPS Locator.lnk
    [2012/03/26 16:54:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/03/26 16:54:11 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2012/03/26 16:54:11 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 7.0.lnk
    [2012/03/26 16:54:11 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to compupic.exe.lnk
    [2012/03/26 16:54:11 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\TimH\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/03/26 16:54:10 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
    [2012/03/26 16:54:10 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update.lnk
    [2012/03/26 16:54:10 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Interface File.lnk
    [2012/03/26 16:54:09 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2012/03/26 16:54:09 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2012/03/26 16:54:08 | 000,002,437 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2007 with GPS Locator.lnk
    [2012/03/26 16:53:58 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/02/17 17:11:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/04 17:29:40 | 000,001,611 | ---- | C] () -- C:\WINDOWS\apcs_bak.ini
    [2011/11/04 16:55:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2011/11/04 16:52:01 | 000,002,034 | ---- | C] () -- C:\WINDOWS\apcs.ini
    [2011/08/05 04:57:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI

    ========== LOP Check ==========

    [2007/10/06 08:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/03/14 23:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/03/29 19:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2011/11/04 16:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2007/10/13 08:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/09/19 09:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/09/11 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\acccore
    [2007/10/03 06:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Ansys
    [2007/11/10 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Autodesk
    [2011/11/04 16:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\DAEMON Tools Lite
    [2008/12/30 17:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\GARMIN
    [2007/09/30 17:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Image Zone Express
    [2006/12/08 23:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Leadertech
    [2006/12/10 03:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\OfficeUpdate12
    [2007/09/05 20:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TimH\Application Data\Printer Info Cache

    ========== Purity Check ==========


    < End of report >
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You still have the redirect because nothing to remove malware will run- but we'll do a bit of checking:

    First: Describe as clearly as possible what you are calling a Google redirect.

    You ran OTL, but can't run the fix.
    You can't run TDSSKiller
    Malwarebytes is clean.
    Can't run DDS, Combofix, TDSSKiller
    ---------------------------------------------------------
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  22. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    When using Google, bing, or yahoo the search functions would operate normally. When you would click on a link the page that opens would not be the link you clicked on Ex: click on techspot.com and the search special would come up. It would first start loading youngestangels.com then the address would change to the page that would load. In other instances it would have youngest angels in the address bar then just reload the search page even if it was opened in another tab.This would not always happen but in spurts. The first three pages might open followed by maybe ten that would get redirected.
  23. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:11:09 PM, on 4/18/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TimH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Interface File.lnk = C:\EPICXL\Agcosi_eu.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165632870640
    O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
    O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    --
    End of file - 9267 bytes
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You have 3 browsers configured: Chrome, Firefox and Internet Explorer. Which do you use the most? Does the redirect happen will all 3 browsers? If not, which browser redirects?

    It's curious because in OTL, I see several entries for Search Scopes in IE. I had some removals set for them, but you can't run it.

  25. Donjohnny

    Donjohnny TS Rookie Topic Starter Posts: 37

    I have tried it in Chrome and in IE. It seems to happen in both of them equally. I have not tried it in Firefox despite firefox being my browser of choice. Since I got the virus I have only used IE except starting up chrome to check the redirect. IE is also my default browser. Later I will try Firefox and see how it acts.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.