Solved Searchqu opens up in all new Firefox tabs

It's still there. Also now after a while of being the internet stops working through Firefox. This is solved by a reboot, but sometimes when I try to reboot it says a program (whose name I can't remember but will post next time it happens, something like windows d3 maybe?) is still running and needs to be ended.

Also there was an error msg that came up saying there was a problem with 'jusched.exe', so I used msconfig to stop jusched starting on startup.

Thanks for all your help with this.

J
 
The program that I mentioned earlier is called D3D9Window

OTL logfile created on: 13/11/2011 23:45:50 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jienchino\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 62.62% Memory free
8.55 Gb Paging File | 8.06 Gb Available in Paging File | 94.29% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.08 Gb Free Space | 5.55% Space Free | Partition Type: NTFS
Drive E: | 129.51 Gb Total Space | 88.36 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: JIENCHI | User Name: Jienchino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/12 13:40:33 | 006,823,984 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
PRC - [2011/11/08 22:35:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jienchino\Desktop\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 14:55:11 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/10 21:41:32 | 001,575,184 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/27 16:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\VM301Snap.exe
PRC - [2006/07/04 13:16:32 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Domino.exe
PRC - [2004/08/25 11:43:14 | 000,020,480 | ---- | M] (Fujitsu Computer Systems Corporation) -- C:\Program Files\Fujitsu\Utils\FjEvents.exe
PRC - [2004/06/28 16:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2003/10/27 17:00:26 | 000,032,768 | R--- | M] () -- C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
PRC - [2003/07/28 09:20:02 | 000,020,480 | R--- | M] (Fujitsu PC Corporation) -- C:\Program Files\Fujitsu\Utils\FjDspMon.exe


========== Modules (No Company Name) ==========

MOD - [2009/02/21 11:17:42 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2009/02/21 11:17:41 | 000,462,848 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.3300.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009/02/21 11:17:40 | 002,002,944 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.3300.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/02/21 11:17:40 | 001,302,528 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.3300.0__b77a5c561934e089\system.xml.dll
MOD - [2009/02/21 11:17:37 | 000,008,704 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.3300.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2009/02/21 11:15:24 | 000,110,592 | ---- | M] () -- c:\windows\assembly\gac\sklibrary\1.7.2600.5512__31bf3856ad364e35\sklibrary.dll
MOD - [2009/02/21 11:15:24 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\softkeyboardlogic\1.7.2600.5512__31bf3856ad364e35\softkeyboardlogic.dll
MOD - [2009/02/21 11:15:24 | 000,009,216 | ---- | M] () -- c:\windows\assembly\gac\interop.softkeyboardinterface\1.7.2600.5512__31bf3856ad364e35\interop.softkeyboardinterface.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/04 13:16:32 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Domino.exe
MOD - [2004/08/13 16:00:22 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2003/10/27 17:00:26 | 000,032,768 | R--- | M] () -- C:\Program Files\Fujitsu\Utils\FjMnuIco.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (hpdj00)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/10 21:41:32 | 001,575,184 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2007/03/26 12:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/06/10 21:41:02 | 000,086,544 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2007/04/04 19:27:14 | 001,471,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0301PL)
DRV - [2007/02/22 09:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 09:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2004/08/07 18:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/05 15:41:18 | 000,121,344 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 02:35:48 | 000,031,104 | ---- | M] (Wacom Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidpen.sys -- (hidpen)
DRV - [2004/07/05 08:25:54 | 000,103,391 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/06/24 03:40:52 | 000,257,904 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/06/07 13:45:40 | 001,267,724 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/04/06 05:04:00 | 000,191,264 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2004/03/10 07:44:00 | 000,005,760 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2004/01/06 08:48:42 | 000,011,831 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A302.sys -- ({E6759E0C-470B-44DC-A4A1-627E68BB3A85})
DRV - [2003/06/20 13:30:00 | 000,011,392 | ---- | M] (Fujitsu PC Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FjBtndrv.sys -- (Fjbtndrv)
DRV - [2003/06/11 17:53:00 | 000,023,468 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2001/09/07 00:01:34 | 000,006,000 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/01 21:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=102&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Jienchino\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Jienchino\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jienchino\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jienchino\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/10 19:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 20:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 18:14:00 | 000,000,000 | ---D | M]

[2011/10/30 20:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jienchino\Application Data\Mozilla\Extensions
[2011/11/10 19:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jienchino\Application Data\Mozilla\Firefox\Profiles\hnl3ax3b.default\extensions
[2011/07/09 11:03:09 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jienchino\Application Data\Mozilla\Firefox\Profiles\hnl3ax3b.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/10 19:25:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Jienchino\Application Data\Mozilla\Firefox\Profiles\hnl3ax3b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/13 22:20:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Jienchino\Application Data\Mozilla\Firefox\Profiles\hnl3ax3b.default\searchplugins\scroogle-ssl.xml
[2011/11/10 18:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/25 20:23:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/22 00:11:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/10 18:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIENCHINO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNL3AX3B.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIENCHINO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNL3AX3B.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JIENCHINO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HNL3AX3B.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/10 19:35:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/10/30 20:48:01 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2011/10/17 20:57:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/17 20:56:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/17 20:56:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/17 20:56:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/17 20:56:58 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/17 20:56:58 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/08 17:39:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM301Snap.exe (Vimicro)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe ()
O4 - HKLM..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation)
O4 - HKLM..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\FjEvents.exe (Fujitsu Computer Systems Corporation)
O4 - HKLM..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe ()
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1859266046-1103101676-2989237566-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C18311D6-FB6F-4577-859A-663C8AD81793}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jienchino\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jienchino\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/13 16:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 20:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jienchino\Application Data\AVG2012
[2011/11/10 19:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/10 19:34:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/11/10 19:27:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 23:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jienchino\Desktop\Management-Of-Adult-Asthma_files
[2011/11/08 22:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jienchino\Desktop\OTL.exe
[2011/11/08 21:51:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/06 19:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/06 18:43:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/06 18:43:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/06 18:43:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/06 18:43:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/06 18:42:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/06 11:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/06 10:46:36 | 004,284,155 | R--- | C] (Swearware) -- C:\Documents and Settings\Jienchino\Desktop\ComboFix.exe
[2011/11/04 07:40:43 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jienchino\Desktop\aswMBR.exe
[2011/11/04 07:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jienchino\Desktop\GooredFix Backups
[2011/11/04 07:38:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Jienchino\Desktop\GooredFix.exe
[2011/11/03 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jienchino\AppData
[2011/11/01 17:33:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jienchino\Start Menu\Programs\Administrative Tools
[2011/11/01 08:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/10/30 20:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jienchino\My Documents\Radio Retaliation
[2011/10/30 20:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\SearchCore for Browsers

========== Files - Modified Within 30 Days ==========

[2011/11/13 23:37:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1859266046-1103101676-2989237566-1004UA.job
[2011/11/13 23:17:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 23:17:07 | 1332,269,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 21:22:51 | 109,616,228 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/12 13:56:26 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/11/11 08:33:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/10 19:37:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1859266046-1103101676-2989237566-1004Core.job
[2011/11/10 19:35:01 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/08 23:55:25 | 000,054,335 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\Management-Of-Adult-Asthma.htm
[2011/11/08 22:35:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jienchino\Desktop\OTL.exe
[2011/11/08 17:39:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/06 11:07:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\MBR.dat
[2011/11/06 10:44:03 | 004,284,155 | R--- | M] (Swearware) -- C:\Documents and Settings\Jienchino\Desktop\ComboFix.exe
[2011/11/04 21:05:59 | 000,631,574 | ---- | M] () -- C:\Documents and Settings\Jienchino\Application Data\NMM-MetaData.db
[2011/11/04 07:40:27 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jienchino\Desktop\aswMBR.exe
[2011/11/04 07:37:53 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Jienchino\Desktop\GooredFix.exe
[2011/11/03 01:19:41 | 000,007,948 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\hijackthis2_11_11
[2011/11/02 01:15:46 | 000,581,959 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\incomplete bladder emptying.PDF
[2011/11/02 01:01:31 | 000,580,079 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\urinary incontinence innovait.PDF
[2011/11/01 16:50:06 | 000,008,964 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\hijackthis1_11_11
[2011/11/01 08:25:29 | 000,367,206 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 08:25:29 | 000,046,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 08:23:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/19 16:42:23 | 000,072,599 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\red eye.PDF
[2011/10/18 16:53:37 | 001,254,923 | ---- | M] () -- C:\Documents and Settings\Jienchino\Desktop\RCGP fringe programme.PDF

========== Files Created - No Company Name ==========

[2011/11/13 21:22:51 | 109,616,228 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/10 19:35:01 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/08 23:55:23 | 000,054,335 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\Management-Of-Adult-Asthma.htm
[2011/11/06 18:43:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/06 18:43:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/06 18:43:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/06 18:43:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/06 18:43:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/06 11:07:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\MBR.dat
[2011/11/03 01:19:41 | 000,007,948 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\hijackthis2_11_11
[2011/11/02 01:16:09 | 000,581,959 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\incomplete bladder emptying.PDF
[2011/11/02 01:02:31 | 000,580,079 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\urinary incontinence innovait.PDF
[2011/11/01 16:50:06 | 000,008,964 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\hijackthis1_11_11
[2011/10/19 16:42:54 | 000,072,599 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\red eye.PDF
[2011/10/18 16:56:59 | 001,254,923 | ---- | C] () -- C:\Documents and Settings\Jienchino\Desktop\RCGP fringe programme.PDF
[2010/03/23 11:02:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jienchino\Local Settings\Application Data\prvlcl.dat
[2010/01/20 13:50:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/28 20:23:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2009/07/28 20:23:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2008/11/25 20:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Jienchino\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 10:30:58 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2008/10/04 13:34:39 | 000,631,574 | ---- | C] () -- C:\Documents and Settings\Jienchino\Application Data\NMM-MetaData.db
[2008/09/22 21:53:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/22 21:31:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/22 04:18:24 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jienchino\Local Settings\Application Data\fusioncache.dat
[2004/08/31 07:02:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/16 11:11:11 | 000,000,982 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/13 16:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/13 15:59:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/13 08:52:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/13 08:51:25 | 000,301,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/12 11:28:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 11:28:07 | 000,367,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 11:28:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 11:28:07 | 000,046,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 11:28:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 11:28:06 | 000,004,499 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 11:28:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 11:28:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 11:27:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 11:27:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 11:27:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 11:27:40 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/11/10 20:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/06 11:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/08/20 13:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2011/07/05 19:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2011/11/01 08:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/09/11 11:34:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/18 16:36:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/04 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/11/13 21:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/03 10:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/05/29 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/29 14:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Amazon
[2011/11/10 20:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\AVG2012
[2011/09/23 18:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\BitTorrent
[2011/11/10 21:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Dropbox
[2011/06/05 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Foxit Software
[2011/06/30 22:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Nokia
[2009/04/02 13:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Nokia Multimedia Player
[2011/08/25 20:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\OpenOffice.org
[2011/06/30 22:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\PC Suite
[2011/11/13 23:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Spotify
[2011/08/17 21:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jienchino\Application Data\Windows Search
[2010/10/17 20:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology

========== Purity Check ==========



< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=102&sr=0&q="
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
All processes killed
========== OTL ==========
Prefs.js: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=102&sr=0&q=" removed from keyword.URL
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jienchino
->Temp folder emptied: 120748 bytes
->Temporary Internet Files folder emptied: 3226259 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61209670 bytes
->Flash cache emptied: 1656 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 372 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Jienchino
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11142011_225156

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
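
The fix above removed a hijacked `keyword.URL` entry from Firefox's prefs.js. As an added example (not part of the original thread and not OTL's own code), this Python sketch parses `user_pref(...)` lines and reports search or start-page prefs that point at an unexpected host. The watch list, the allow-list and the sample file are assumptions constructed for illustration; only the searchqu value comes from the thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample prefs.js; the keyword.URL value is the one quoted in the thread.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=0&systemid=102&sr=0&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("app.update.enabled", true);
'''

# Prefs that decide where searches and start pages go (assumed watch list).
WATCHED = {"keyword.URL", "browser.startup.homepage",
           "browser.search.defaultenginename", "browser.search.selectedEngine"}
# Hosts the user expects to see (assumption; adjust per machine).
ALLOWED_HOSTS = {"www.google.co.uk", "www.google.com"}

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line, with string quotes removed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1].replace('\\"', '"').replace('\\\\', '\\')
            prefs[m.group(1)] = value
    return prefs

def find_hijacks(text, allowed=ALLOWED_HOSTS):
    """List (pref, host) pairs where a watched pref points at an unexpected host."""
    hits = []
    for name, value in parse_prefs(text).items():
        if name not in WATCHED:
            continue
        # Homepage prefs may hold several URLs separated by '|'.
        for part in value.split("|"):
            host = urlsplit(part.strip()).hostname
            if host and host not in allowed:
                hits.append((name, host))
    return hits

if __name__ == "__main__":
    for name, host in find_hijacks(SAMPLE_PREFS):
        print(f"{name} -> {host}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.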
 
Cool :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
 
ESET didn't find any threats. Have noticed that intermittently the internet stops working in Firefox. The wireless network is still connected but pages won't load. This is since we installed Java, could this be the problem?
 
Uninstall:
Java(TM) 6 Update 4
Java(TM) 6 Update 7


As for Firefox..
If you're using Firefox 3.x, close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4 or higher, go Help>Restart Firefox with Add-ons Disabled.
Same issue?

Other than that....

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jienchino
->Temp folder emptied: 34505 bytes
->Temporary Internet Files folder emptied: 1875997 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66416716 bytes
->Flash cache emptied: 2103 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 372 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Jienchino
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11202011_105801

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Everything seems to be working fine, will let you know if any problems today as I'm using laptop all day
 
Way to go!!

Good luck and stay safe :)
 