Searches redirected and browser keeps reverting to proxy

bpm120

If someone could help me out with this issue I would greatly appreciate it.

- Links on searches (Google) go to unintended sites.
- Internet has become really slow since this has been happening.
- Browser(s) have started to divert to a proxy 127.0.0.1:50370


It is a Windows 7 /64 machine so no Gmer Log.
-----------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4905

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/21/2010 4:57:21 PM
mbam-log-2010-10-21 (16-57-21).txt

Scan type: Quick scan
Objects scanned: 150789
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



---------------------------------------------------------


DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Y at 17:07:45.87 on Thu 10/21/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2313 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Tether\TBService.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\BatteryBar\BatteryBar.exe
C:\Program Files (x86)\DeskPins\DeskPins.exe
C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Y\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Y\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Y\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
mRun: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [FTPWRENV] C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
mRun: [FiWIA Service Checker] C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BATTER~1.LNK - C:\Program Files\BatteryBar\BatteryBar.exe
StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DeskPins.lnk - C:\Program Files (x86)\DeskPins\DeskPins.exe
StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Y\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ERRORR~1.LNK - C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {E6C5314C-A8BA-4188-8093-6664DC53004B} = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}\lib\ff36\gears.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Y\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Y\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Y\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-1-7 24840]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-21 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-21 267432]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-21 81072]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-23 844320]
R2 FJTWMKSV;FJTWMKSV;C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe [2010-3-17 45056]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-3-9 14112]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-3-7 11576]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-4-10 49080]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-23 240160]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-7-29 130560]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-7-29 952832]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-7-29 484864]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-10-23 6952960]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-7 133104]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2008-12-7 35848]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-10 35104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-3-17 30192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2008-7-2 31624]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-10-23 57344]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2010-8-28 70672]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2010-8-28 173456]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2010-8-28 173456]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2010-8-28 12688]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2010-8-28 141840]
S3 qrkis;Tether Miniport;C:\Windows\System32\drivers\qrkis.sys [2010-4-2 50856]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-2-12 43664]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

=============== Created Last 30 ================

2010-10-21 22:01:07 -------- d-----w- C:\Users\Y\AppData\Roaming\Avira
2010-10-21 19:20:09 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-21 19:20:08 -------- d-----w- C:\Program Files (x86)\Avira
2010-10-21 19:20:08 -------- d-----w- C:\PROGRA~3\Avira
2010-10-20 22:47:45 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2010-10-20 22:47:45 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2010-10-20 05:04:15 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2010-10-12 07:27:15 -------- d-----w- C:\Users\Y\AppData\Local\WDC
2010-10-12 07:20:57 -------- d-----w- C:\PROGRA~3\Western Digital
2010-10-12 07:20:03 -------- d-----w- C:\Program Files\Western Digital
2010-10-12 07:20:03 -------- d-----w- C:\Program Files (x86)\Western Digital
2010-10-12 07:19:39 -------- d-----w- C:\Users\Y\AppData\Local\Western Digital
2010-10-11 20:36:38 -------- d-----w- C:\Users\Y\AppData\Roaming\Malwarebytes
2010-10-11 20:36:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-11 20:36:28 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-11 20:36:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-11 20:36:28 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-11 16:46:45 -------- d-----w- C:\portableapps
2010-10-11 16:43:38 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-10-04 16:08:58 -------- d-----w- C:\starts and Turns

==================== Find3M ====================


============= FINISH: 17:08:34.00 ===============
 

Welcome aboard


Please, observe board's rule: https://www.techspot.com/vb/topic154928.html

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

===================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
Thanks for replying; sorry it took so long to get back to you. Here are the two logs that you asked for.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2010 at 03:55 PM

Application Version : 4.44.1000

Core Rules Database Version : 5749
Trace Rules Database Version: 3561

Scan type : Complete Scan
Total Scan Time : 01:59:06

Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 14939
Registry threats detected : 0
File items scanned : 201780
File threats detected : 1

Trojan.Vundo-Variant/F
C:\WINDOWS\TWAIN_32\FJSCAN32\V09L21\OCR\FJ\F5BDKAKU.DLL


---------------------------------------------------------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: INSYDE
System Manufacturer: Gateway
System Product Name: EC14 Series
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 201):
0x0304D000 \SystemRoot\system32\ntoskrnl.exe
0x03004000 \SystemRoot\system32\hal.dll
0x00BBD000 \SystemRoot\system32\kdcom.dll
0x00C05000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C49000 \SystemRoot\system32\PSHED.dll
0x00C5D000 \SystemRoot\system32\CLFS.SYS
0x00CBB000 \SystemRoot\system32\CI.dll
0x00E5C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01086000 \SystemRoot\System32\Drivers\spgj.sys
0x011AC000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011B5000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F0F000 \SystemRoot\system32\DRIVERS\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x011E4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x011ED000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F42000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F57000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB3000 \SystemRoot\System32\drivers\mountmgr.sys
0x01237000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01353000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0135C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01386000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01391000 \SystemRoot\system32\drivers\fltmgr.sys
0x013DD000 \SystemRoot\system32\drivers\fileinfo.sys
0x01446000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00D7B000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0160D000 \SystemRoot\System32\Drivers\cng.sys
0x01680000 \SystemRoot\System32\drivers\pcw.sys
0x01691000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0169B000 \SystemRoot\system32\drivers\ndis.sys
0x0178D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0141A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x00E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01ADE000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01B2A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B32000 \SystemRoot\SysWOW64\speedfan.sys
0x01B39000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B73000 \SystemRoot\System32\Drivers\mup.sys
0x01B85000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B8E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BC8000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A30000 \SystemRoot\System32\Drivers\BtHidBus.sys
0x02FA3000 \SystemRoot\System32\Drivers\Null.SYS
0x02FAC000 \SystemRoot\System32\Drivers\Beep.SYS
0x02FB3000 \SystemRoot\System32\drivers\vga.sys
0x02FC1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02FE6000 \SystemRoot\System32\drivers\watchdog.sys
0x02FF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02E00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02E09000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02E12000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02E1D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02F79000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02E2E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01A43000 \SystemRoot\system32\drivers\afd.sys
0x03C16000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03C5B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03C64000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03C8A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03CA0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03CAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03CCA000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x03CD6000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x03D04000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D18000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03D22000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03D2C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D7D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D89000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D94000 \SystemRoot\System32\drivers\discache.sys
0x03DA3000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DC1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DD2000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01200000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C00000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03DF4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04644000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04738000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0477E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0478B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x047E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04A21000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x050CE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x050DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x050F9000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x05105000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05114000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0515D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0515F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0516E000 \SystemRoot\System32\Drivers\a5j0tgle.SYS
0x051B1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x051BA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x051CA000 \SystemRoot\System32\Drivers\RootMdm.sys
0x051D2000 \SystemRoot\system32\drivers\modem.sys
0x051E1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0456C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04590000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04624000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x045BF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x045E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03E00000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x04A0C000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x03E22000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x04A14000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05480000 \SystemRoot\system32\DRIVERS\ks.sys
0x054C3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x054D5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0552F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05544000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0556E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x07015000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0557B000 \SystemRoot\system32\drivers\portcls.sys
0x055B8000 \SystemRoot\system32\drivers\drmk.sys
0x071F4000 \SystemRoot\system32\drivers\ksthunk.sys
0x05400000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x05427000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x07000000 \SystemRoot\System32\drivers\Dxapi.sys
0x055DA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E3B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x055E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x047F2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x02F57000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02294000 \SystemRoot\System32\Drivers\usbvideo.sys
0x022C2000 \SystemRoot\system32\drivers\luafv.sys
0x022E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02302000 \SystemRoot\system32\drivers\WudfPf.sys
0x02323000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0232F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02344000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02397000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x023AA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A1B000 \SystemRoot\system32\drivers\HTTP.sys
0x02AE3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02B01000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02B19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02B45000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02B92000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x074A2000 \SystemRoot\system32\drivers\peauth.sys
0x07548000 \??\C:\Windows\system32\drivers\regi.sys
0x07550000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0755B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07588000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x07590000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x076EF000 \SystemRoot\System32\DRIVERS\srv.sys
0x07789000 \??\C:\Programs Stand Alone - 1801 Tray\WinRing0x64.sys
0x07600000 \SystemRoot\system32\drivers\spsys.sys
0x779A0000 \Windows\System32\ntdll.dll
0x47600000 \Windows\System32\smss.exe
0xFFCC0000 \Windows\System32\apisetschema.dll
0xFFDB0000 \Windows\System32\autochk.exe
0xFFBA0000 \Windows\System32\msctf.dll
0xFFB30000 \Windows\System32\gdi32.dll
0xFFA60000 \Windows\System32\usp10.dll
0xFF8E0000 \Windows\System32\urlmon.dll
0xFF890000 \Windows\System32\Wldap32.dll
0xFF860000 \Windows\System32\imm32.dll
0xFF780000 \Windows\System32\oleaut32.dll
0xFF730000 \Windows\System32\ws2_32.dll
0xFF650000 \Windows\System32\advapi32.dll
0xFF5B0000 \Windows\System32\comdlg32.dll
0x77B70000 \Windows\System32\normaliz.dll
0xFF530000 \Windows\System32\shlwapi.dll
0x77880000 \Windows\System32\kernel32.dll
0xFF490000 \Windows\System32\clbcatq.dll
0xFE700000 \Windows\System32\shell32.dll
0xFE660000 \Windows\System32\msvcrt.dll
0xFE650000 \Windows\System32\lpk.dll
0xFE470000 \Windows\System32\setupapi.dll
0xFE340000 \Windows\System32\wininet.dll
0x77780000 \Windows\System32\user32.dll
0xFE320000 \Windows\System32\sechost.dll
0xFE300000 \Windows\System32\imagehlp.dll
0xFE1D0000 \Windows\System32\rpcrt4.dll
0x77B60000 \Windows\System32\psapi.dll
0xFDF70000 \Windows\System32\iertutil.dll
0xFDEF0000 \Windows\System32\difxapi.dll
0xFDEE0000 \Windows\System32\nsi.dll
0xFDCD0000 \Windows\System32\ole32.dll
0xFDC30000 \Windows\System32\comctl32.dll
0xFDC10000 \Windows\System32\devobj.dll
0xFDBD0000 \Windows\System32\wintrust.dll
0xFDB60000 \Windows\System32\KernelBase.dll
0xFD9F0000 \Windows\System32\crypt32.dll
0xFD9B0000 \Windows\System32\cfgmgr32.dll
0xFD9A0000 \Windows\System32\msasn1.dll
0x75900000 \Windows\SysWOW64\normaliz.dll

Processes (total 93):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
444 csrss.exe
504 C:\Windows\System32\wininit.exe
520 csrss.exe
552 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\winlogon.exe
820 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
328 C:\Windows\System32\svchost.exe
340 C:\Windows\System32\audiodg.exe
816 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\spoolsv.exe
1352 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1376 C:\Windows\System32\svchost.exe
1528 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1548 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1580 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1712 C:\Windows\System32\taskhost.exe
1824 C:\Windows\System32\dwm.exe
1864 C:\Windows\explorer.exe
1916 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1940 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2004 C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
2044 C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
1104 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
1560 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1780 C:\Windows\System32\conhost.exe
1276 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
1228 C:\Windows\System32\svchost.exe
2096 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
2136 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2360 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2368 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
2392 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2400 C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
2448 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2484 C:\Windows\System32\igfxtray.exe
2496 C:\Windows\System32\hkcmd.exe
2504 C:\Windows\System32\igfxpers.exe
2568 C:\Windows\System32\igfxsrvc.exe
2620 C:\Program Files (x86)\Skype\Phone\Skype.exe
2748 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2760 C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
3008 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
3028 C:\Program Files (x86)\Launch Manager\LManager.EXE
3036 C:\Program Files (x86)\Video Web Camera\traybar.exe
3048 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3056 C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
3064 C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
1832 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1672 C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
1652 C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
1732 C:\Windows\System32\taskeng.exe
472 C:\Programs Stand Alone - 1801 Tray\1810Tray.exe
2412 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2724 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
980 C:\Program Files\BatteryBar\BatteryBar.exe
468 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
1248 C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
932 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2840 C:\Program Files (x86)\DeskPins\DeskPins.exe
2924 C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
3044 C:\Program Files (x86)\MagicDisc\MagicDisc.exe
1840 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2632 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2660 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3564 C:\Windows\System32\igfxext.exe
3632 C:\Windows\System32\wbem\unsecapp.exe
3764 WmiPrvSE.exe
3888 C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
3136 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
3988 C:\Program Files\iPod\bin\iPodService.exe
3600 C:\Windows\System32\SearchIndexer.exe
4128 C:\Windows\System32\svchost.exe
4172 C:\Windows\System32\svchost.exe
4604 C:\Windows\System32\SearchProtocolHost.exe
4772 C:\Windows\System32\svchost.exe
5088 C:\Program Files\Windows Media Player\wmpnetwk.exe
5000 C:\Windows\System32\svchost.exe
4084 C:\Windows\System32\sppsvc.exe
1388 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2184 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4872 C:\Users\Y\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
2416 C:\Windows\System32\SearchFilterHost.exe
4192 C:\Users\Y\Desktop\MBRCheck.exe
2564 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60F

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Which browser is getting redirected?
Did you try a different browser? Same issue?

Download OTL to your Desktop.

  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Please note I tried pasting the OTL logs into the message but it surpasses the 50k character limit.

The proxy changes are happening in Google Chrome and my primary browser, Firefox. When I switch the proxy back the redirection does not SEEM to happen. However, the browsers revert to the proxy settings a bit after I change them to no proxy. The browser is reverting them back or something is "telling" the browser to revert back to the proxy settings. These are not proxy settings I have put in myself, nor is any program that I think I am using doing such.


I have run OTL three times trying to get it to spit out an extras file. I can not.

I also searched my computer for the file, to no avail.

I downloaded the OTL program from the link that was given above and did not change any settings.
 

Attachments

  • OTL.Txt (115 KB)
OTL logfile created on: 10/26/2010 12:25:56 PM - Run 4
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Y\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 14.24 Gb Free Space | 3.14% Space Free | Partition Type: NTFS
Drive D: | 3.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YCOMP | User Name: Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
PRC - [2010/10/12 16:59:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/12 16:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/05 10:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/10/21 14:58:56 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
PRC - [2009/09/24 07:14:46 | 000,825,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.EXE
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/28 00:29:16 | 000,286,720 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
PRC - [2009/07/08 16:45:34 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/07/02 17:52:38 | 003,310,080 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
PRC - [2009/06/29 16:45:28 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/23 07:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 07:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/16 01:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/12/09 22:54:40 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2004/05/02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files (x86)\DeskPins\DeskPins.exe


========== Modules (SafeList) ==========

MOD - [2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/29 15:27:20 | 000,130,560 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/07/29 15:25:00 | 000,952,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/07/29 15:24:16 | 000,484,864 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/07/07 07:42:57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwmodem.sys -- (btwmodem)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwhid.sys -- (btwhid)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btport.sys -- (BTDriver)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btaudio.sys -- (btaudio)
DRV:64bit: - [2010/06/30 15:18:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/12/17 14:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/10/16 09:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2009/09/20 22:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/14 23:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/28 21:15:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/08/28 21:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 21:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)
DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV:64bit: - [2009/07/28 15:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/26 04:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/27 03:25:58 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/04/07 17:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/01/07 23:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008/12/07 12:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008/08/19 22:16:42 | 000,056,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwusb.sys -- (BTWUSB)
DRV:64bit: - [2008/07/02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2007/04/17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010/10/21 22:34:51 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Programs Stand Alone - 1801 Tray\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=ec14_series&r=273603109106l0333z125a49l1w94q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/20 17:47:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/20 17:47:46 | 000,000,000 | ---D | M]

[2010/03/06 08:34:37 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Extensions
[2010/10/25 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions
[2010/04/27 09:02:21 | 000,000,000 | ---D | M] (Google Gears) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}
[2010/04/27 09:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{000a9d1c-beef-4f90-9363-039d445309b8}-trash
[2010/03/13 22:20:15 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/09/17 11:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/03/13 22:20:16 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/03/13 22:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2010/10/22 12:44:41 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\hlhi8az4.extended\extensions
[2010/10/20 10:28:52 | 000,002,278 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profiles\830egp9q.default\searchplugins\aopa-airports.xml
[2010/10/25 19:25:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 15:05:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/10/11 11:49:40 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FiWIA Service Checker] C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ServiceName] c:\Programs Stand Alone - 1801 Tray\1801Tray.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryBar.lnk = C:\Program Files\BatteryBar\BatteryBar.exe (Osiris Development)
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Y\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x64/MuCatalogWebControl.cab?1287552448678 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell - "" = AutoRun
O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2010/10/25 23:09:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
[2010/10/25 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/25 13:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/25 13:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/25 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/23 22:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/10/23 13:00:55 | 006,187,744 | ---- | C] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
[2010/10/22 22:06:00 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\pics to file
[2010/10/22 01:19:44 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe
[2010/10/22 00:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2010/10/22 00:43:40 | 000,620,184 | ---- | C] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
[2010/10/21 22:34:45 | 000,000,000 | ---D | C] -- C:\Programs Stand Alone - 1801 Tray
[2010/10/21 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\Avira
[2010/10/21 14:20:09 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/10/21 14:20:09 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/10/21 14:20:09 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/10/21 14:20:09 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/10/21 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/10/21 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/10/20 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Microsoft driver update for hp psc 1300 series
[2010/10/18 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\clean me up
[2010/10/15 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\2009 Taxes
[2010/10/12 02:27:15 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\WDC
[2010/10/12 02:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/10/12 02:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/10/12 02:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010/10/12 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\Western Digital
[2010/10/11 15:36:38 | 000,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\Malwarebytes
[2010/10/11 15:36:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/11 15:36:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/11 15:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/11 15:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/11 11:46:45 | 000,000,000 | ---D | C] -- C:\portableapps
[2010/10/11 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/04 11:08:58 | 000,000,000 | ---D | C] -- C:\starts and Turns
[2010/09/30 00:45:44 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\These are duplicat MI pics from Jens Camera
[2010/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Jens
[2010/09/29 13:43:03 | 000,000,000 | ---D | C] -- C:\Users\Y\Desktop\Figure this out payments maybe flights
[2010/03/07 12:01:43 | 000,212,992 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.ComctlLib.dll
[2010/03/07 12:01:43 | 000,114,688 | ---- | C] ( ) -- C:\Windows\SysWow64\AxInterop.ComctlLib.dll
[1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/26 11:58:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796360434-53067279-1229447859-1000UA.job
[2010/10/26 11:36:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/26 10:47:37 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1796360434-53067279-1229447859-1000Core.job
[2010/10/26 10:32:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
[2010/10/25 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/25 16:10:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 16:10:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 16:07:23 | 000,080,384 | ---- | M] () -- C:\Users\Y\Desktop\MBRCheck.exe
[2010/10/25 16:01:36 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/25 13:50:47 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 13:49:34 | 000,001,116 | ---- | M] () -- C:\Users\Y\Desktop\1810Tray.exe - Shortcut.lnk
[2010/10/23 22:49:59 | 000,001,014 | ---- | M] () -- C:\Users\Y\Desktop\SpeedFan.lnk
[2010/10/23 22:49:57 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/10/23 22:47:19 | 001,967,336 | ---- | M] () -- C:\Users\Y\Desktop\installspeedfan441.exe
[2010/10/23 19:27:42 | 000,007,601 | ---- | M] () -- C:\Users\Y\AppData\Local\Resmon.ResmonCfg
[2010/10/23 13:34:48 | 000,163,562 | ---- | M] () -- C:\Users\Y\Desktop\Modify your budget.com rese....pdf
[2010/10/23 13:01:10 | 006,187,744 | ---- | M] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
[2010/10/23 12:28:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/23 12:28:14 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/23 12:28:14 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/22 20:41:34 | 000,088,094 | ---- | M] () -- C:\Users\Y\Desktop\Falcon certificate of insurance 7825t.pdf
[2010/10/22 12:42:39 | 000,119,296 | ---- | M] () -- C:\Users\Y\Desktop\Pilots.xls
[2010/10/22 12:39:24 | 000,027,583 | ---- | M] () -- C:\Users\Y\Desktop\pilots.csv
[2010/10/22 10:51:20 | 000,011,589 | ---- | M] () -- C:\Users\Y\Documents\Dickey History.pdf
[2010/10/22 09:59:54 | 000,008,162 | ---- | M] () -- C:\Users\Y\Documents\Ward.pdf
[2010/10/22 01:20:12 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe
[2010/10/22 00:43:43 | 000,620,184 | ---- | M] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
[2010/10/21 22:33:00 | 000,400,445 | ---- | M] () -- C:\Users\Y\Desktop\1810tray.52.zip
[2010/10/21 22:03:20 | 000,058,859 | ---- | M] () -- C:\Users\Y\Documents\Untitled.wma
[2010/10/21 14:20:16 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/21 14:13:16 | 044,089,904 | ---- | M] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
[2010/10/21 14:10:41 | 000,247,981 | ---- | M] () -- C:\Users\Y\Desktop\UPDATED 8-step Viruses_Spyw....pdf
[2010/10/21 01:45:01 | 000,150,528 | ---- | M] () -- C:\Users\Y\Documents\Treasurer Temp.xls
[2010/10/20 17:47:49 | 000,001,970 | ---- | M] () -- C:\Users\Y\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/20 16:09:39 | 000,346,980 | ---- | M] () -- C:\Users\Y\Desktop\Payments inport - 101020.ods
[2010/10/19 17:27:03 | 000,007,630 | ---- | M] () -- C:\Users\Y\Documents\Mike Watkins.pdf
[2010/10/12 02:20:55 | 000,000,137 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/12 02:20:51 | 000,001,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/10/11 13:39:40 | 000,001,368 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/10/11 11:19:17 | 000,000,046 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/08 17:20:51 | 000,264,717 | ---- | M] () -- C:\Users\Y\Desktop\BrakeRebate.pdf
[2010/10/08 11:41:09 | 000,007,346 | ---- | M] () -- C:\Users\Y\Documents\mckenna - John - Final.pdf
[2010/10/06 22:38:18 | 000,006,864 | ---- | M] () -- C:\Users\Y\Documents\Griswold.pdf
[2010/10/02 01:11:44 | 000,021,504 | ---- | M] () -- C:\Users\Y\Documents\Note on Statement.doc
[2010/10/01 20:25:07 | 000,080,808 | ---- | M] () -- C:\Users\Y\Desktop\Flight import ss - 1020.ods
[2010/10/01 20:25:07 | 000,080,808 | ---- | M] () -- C:\Users\Y\Documents\Flight import ss - 100929.ods
[2010/10/01 17:11:43 | 000,333,481 | ---- | M] () -- C:\Users\Y\Documents\Payments inport - 100930.ods
[2010/09/28 17:33:00 | 000,026,979 | ---- | M] () -- C:\Users\Y\Documents\20100921 Pilots.prn
[1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 16:07:22 | 000,080,384 | ---- | C] () -- C:\Users\Y\Desktop\MBRCheck.exe
[2010/10/25 13:50:47 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 13:49:34 | 000,001,116 | ---- | C] () -- C:\Users\Y\Desktop\1810Tray.exe - Shortcut.lnk
[2010/10/23 22:49:59 | 000,001,014 | ---- | C] () -- C:\Users\Y\Desktop\SpeedFan.lnk
[2010/10/23 22:49:57 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/10/23 22:47:16 | 001,967,336 | ---- | C] () -- C:\Users\Y\Desktop\installspeedfan441.exe
[2010/10/23 19:27:42 | 000,007,601 | ---- | C] () -- C:\Users\Y\AppData\Local\Resmon.ResmonCfg
[2010/10/23 13:34:46 | 000,163,562 | ---- | C] () -- C:\Users\Y\Desktop\Modify your budget.com rese....pdf
[2010/10/22 20:41:33 | 000,088,094 | ---- | C] () -- C:\Users\Y\Desktop\Falcon certificate of insurance 7825t.pdf
[2010/10/22 12:42:38 | 000,119,296 | ---- | C] () -- C:\Users\Y\Desktop\Pilots.xls
[2010/10/22 10:51:12 | 000,011,589 | ---- | C] () -- C:\Users\Y\Documents\Dickey History.pdf
[2010/10/22 09:59:49 | 000,008,162 | ---- | C] () -- C:\Users\Y\Documents\Ward.pdf
[2010/10/21 22:33:00 | 000,400,445 | ---- | C] () -- C:\Users\Y\Desktop\1810tray.52.zip
[2010/10/21 22:03:19 | 000,058,859 | ---- | C] () -- C:\Users\Y\Documents\Untitled.wma
[2010/10/21 14:20:16 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/21 14:11:09 | 044,089,904 | ---- | C] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
[2010/10/21 14:10:37 | 000,247,981 | ---- | C] () -- C:\Users\Y\Desktop\UPDATED 8-step Viruses_Spyw....pdf
[2010/10/20 12:39:14 | 000,346,980 | ---- | C] () -- C:\Users\Y\Desktop\Payments inport - 101020.ods
[2010/10/20 12:39:05 | 000,080,808 | ---- | C] () -- C:\Users\Y\Desktop\Flight import ss - 1020.ods
[2010/10/19 17:27:00 | 000,007,630 | ---- | C] () -- C:\Users\Y\Documents\Mike Watkins.pdf
[2010/10/19 16:31:30 | 000,027,583 | ---- | C] () -- C:\Users\Y\Desktop\pilots.csv
[2010/10/12 02:20:55 | 000,000,137 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/12 02:20:51 | 000,001,325 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/10/11 13:39:21 | 000,001,368 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/10/11 11:19:07 | 000,000,046 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/08 17:23:19 | 000,264,717 | ---- | C] () -- C:\Users\Y\Desktop\BrakeRebate.pdf
[2010/10/08 11:41:07 | 000,007,346 | ---- | C] () -- C:\Users\Y\Documents\mckenna - John - Final.pdf
[2010/10/06 22:38:16 | 000,006,864 | ---- | C] () -- C:\Users\Y\Documents\Griswold.pdf
[2010/09/29 13:59:53 | 000,080,808 | ---- | C] () -- C:\Users\Y\Documents\Flight import ss - 100929.ods
[2010/09/29 13:50:42 | 000,333,481 | ---- | C] () -- C:\Users\Y\Documents\Payments inport - 100930.ods
[2010/09/28 17:32:58 | 000,026,979 | ---- | C] () -- C:\Users\Y\Documents\20100921 Pilots.prn
[2010/07/27 16:28:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2010/06/29 18:03:15 | 000,000,120 | ---- | C] () -- C:\Users\Y\AppData\Roaming\FixVTS.ini
[2010/03/17 16:16:17 | 000,000,712 | ---- | C] () -- C:\Windows\FJTWSTI.INI
[2010/03/16 10:33:20 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/03/09 19:00:02 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/09 19:00:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\215137770C.sys
[2010/03/07 12:01:42 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2010/03/07 12:01:42 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/17 05:07:07 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\allTunes
[2010/05/24 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\BatteryBar
[2010/10/25 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Dropbox
[2010/07/26 00:27:17 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\esri
[2010/03/16 15:05:46 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Foxit
[2010/03/18 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Foxit Software
[2010/03/17 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Fujitsu
[2010/03/17 05:18:44 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\GHISLER
[2010/07/26 19:47:36 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\GPS Utility
[2010/03/17 05:13:48 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\IrfanView
[2010/05/08 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mp3tag
[2010/03/16 14:49:44 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\OpenOffice.org
[2010/06/21 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Research In Motion
[2010/07/26 14:52:35 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\RipIt4Me
[2010/04/17 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Tether
[2009/07/14 00:08:49 | 000,027,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/10/23 19:02:28 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/26 02:15:58 | 049,304,674 | ---- | M] () -- C:\Detroit 80 North.tif
[2010/10/25 16:01:36 | 3144,871,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/25 16:01:39 | 4193,165,312 | -HS- | M] () -- C:\pagefile.sys
[2010/03/09 18:57:20 | 000,486,806 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/10/11 15:45:30 | 000,012,687 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Microsoft\stor.cfg

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/06 08:24:29 | 000,000,221 | -HS- | M] () -- C:\Users\Y\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/23 13:01:10 | 006,187,744 | ---- | M] (ELTIMA Software ) -- C:\Users\Y\Desktop\application.exe
[2010/10/21 14:13:16 | 044,089,904 | ---- | M] () -- C:\Users\Y\Desktop\avira_antivir_personal_en.exe
[2010/10/22 00:43:43 | 000,620,184 | ---- | M] (Eric Lawrence) -- C:\Users\Y\Desktop\Fiddler2Setup.exe
[2010/10/23 22:47:19 | 001,967,336 | ---- | M] () -- C:\Users\Y\Desktop\installspeedfan441.exe
[2010/10/25 16:07:23 | 000,080,384 | ---- | M] () -- C:\Users\Y\Desktop\MBRCheck.exe
[2010/10/25 23:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Desktop\OTL.exe
[2010/10/22 01:20:12 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Y\Desktop\SUPERAntiSpyware.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/14 18:51:32 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/14 18:51:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/07/26 17:52:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/07/26 17:52:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/14 18:51:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/06 07:55:13 | 000,000,402 | -HS- | M] () -- C:\Users\Y\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/06/07 13:02:44 | 000,000,088 | RHS- | M] () -- C:\ProgramData\215137770C.sys
[2010/06/07 13:02:46 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/10/12 02:20:55 | 000,000,137 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
The answers to your questions are in a previous post. Sorry about not splitting the logs.

The proxy changes are happening in Google Chrome and my primary browser, Firefox. When I switch the proxy back, the redirection does not SEEM to happen. However, the browsers revert to the proxy settings a bit after I change them to no proxy. The browser is reverting them back or something is "telling" the browser to revert back to the proxy settings. These are not proxy settings I have put in myself, nor is any program that I think I am using doing such.


I have run OTL three times trying to get it to spit out an extras file. I cannot.

I searched my computer for the file, also to no avail.

I downloaded the OTL program from the link that was given above and did not change any settings.
 
You're running extremely low on C drive free space:
Drive C: | 453.66 Gb Total Space | 14.24 Gb Free Space | 3.14% Space Free
You have to start moving stuff out as soon as possible.

========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [ServiceName] c:\Programs Stand Alone - 1801 Tray\1801Tray.exe File not found
    O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell - "" = AutoRun
    O33 - MountPoints2\{0bef21ca-392e-11df-bdf4-00269eb3352b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
    [2010/10/11 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [1 C:\Users\Y\*.tmp files -> C:\Users\Y\*.tmp -> ]
    [2010/03/09 19:00:02 | 000,000,088 | RHS- | C] () -- C:\ProgramData\215137770C.sys
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
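
A triage check for the symptom discussed in this thread, as an added example that is not part of the original posts: it parses a WinINet-style ProxyServer string and matches any loopback proxy entry to the listening process in `netstat -ano` output. The netstat excerpt and its PIDs are constructed, and the function names are illustrative.

```python
import ipaddress
import re

PROXY_SERVER = "http=127.0.0.1:50370"   # value from the OTL fix on this page
# Constructed `netstat -ano` excerpt; the PIDs are made up for illustration.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       760
  TCP    127.0.0.1:50370        0.0.0.0:0              LISTENING       3124
  TCP    127.0.0.1:50370        127.0.0.1:50411        ESTABLISHED     3124
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

def parse_proxy_server(value):
    """Split 'host:port' or 'http=h:p;https=h:p' into {scheme: (host, port)}."""
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        host, _, port = endpoint.rpartition(":")
        if host and port.isdigit():
            result[scheme.lower()] = (host, int(port))
        else:  # no explicit port in the setting
            result[scheme.lower()] = (endpoint, None)
    return result

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False

def listeners(netstat_text):
    """Yield (ip, port, pid) for each TCP LISTENING row of `netstat -ano`."""
    row = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
    for line in netstat_text.splitlines():
        m = row.match(line)
        if m:
            yield m.group(1).strip("[]"), int(m.group(2)), int(m.group(3))

def find_local_proxy_owner(proxy_value, netstat_text):
    """Return [(scheme, host, port, pid or None)] for loopback proxy entries."""
    by_port = {port: pid for ip, port, pid in listeners(netstat_text)
               if ip in ("0.0.0.0", "::") or is_loopback(ip)}
    return [(scheme, host, port, by_port.get(port))
            for scheme, (host, port) in parse_proxy_server(proxy_value).items()
            if is_loopback(host)]
```

A PID in the result means a process on the machine is serving the proxy port; `None` means the setting points at a port nothing is listening on.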
 