Solved Google Search Results Redirect to wrong sites

broni · 2010/06/12

What is your current AV program?
I can see McAfee, Norton and eTrust Internet Security running.

sambaker · 2010/06/12

McAfee is my current AV program. The Norton program is Ghost, which I have never used. eTrust PestPatrol is an anti-spyware tool that I use from time to time to scan for spyware or other nuisances.

broni · 2010/06/12

All clear then...
If you don't use Norton Ghost, I suggest, you uninstall it, since it's running eating up your resources.
Use Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

================================================================

Verify your Java version here: http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

================================================================

Run OTL

Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

Code:

:OTL
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - c:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: c:\Program Files\Stopzilla!\Toolbar\Extension [2009/12/04 23:56:43 | 000,000,000 | ---D | M]
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - c:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - c:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab  (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jin...ndows-i586.cab (Reg Error: Key error.)
O36 - AppCertDlls: chkdsmui - (C:\WINDOWS\system32\icarhone.dll) - C:\WINDOWS\System32\icarhone.dll File not found
[2010/03/22 04:16:01 | 003,369,216 | ---- | C] (BluePenguin Software Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\spyzookasetup.exe
[2010/03/11 22:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/08/10 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/03/09 23:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 "DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 "DisableMonitoring" =-

:Files
c:\Program Files\STOPzilla!

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]

Then click the [color= "#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

sambaker · 2010/06/13

I uninstalled Norton Ghost, updated my version of Java, and ran the custom fix you provided with OTL.

Here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D3F669EB-57CE-4f45-8FBD-E245CBB46366} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3F669EB-57CE-4f45-8FBD-E245CBB46366}\ deleted successfully.
c:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{780044d1-e8c0-488f-8059-4522ddbfc2ea}\ not found.
c:\Program Files\Stopzilla!\Toolbar\Extension\skin folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\locale\en-US folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\locale folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\defaults\preferences folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\defaults folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\content folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension\components folder moved successfully.
c:\Program Files\Stopzilla!\Toolbar\Extension folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ deleted successfully.
c:\Program Files\STOPzilla!\Toolbar\SZSG.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98828DED-A591-462F-83BA-D2F62A68B8B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98828DED-A591-462F-83BA-D2F62A68B8B8}\ deleted successfully.
File c:\Program Files\STOPzilla!\Toolbar\SZSG.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
C:\Program Files\Yahoo!\Common\yinst.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\chkdsmui:C:\WINDOWS\system32\icarhone.dll deleted successfully.
C:\Documents and Settings\Brandon McGahee\My Documents\spyzookasetup.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\STOPzilla! folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
c:\Program Files\STOPzilla!\Toolbar folder moved successfully.
c:\Program Files\STOPzilla! folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Brandon McGahee
->Temp folder emptied: 52601591 bytes
->Temporary Internet Files folder emptied: 11606105 bytes
->Java cache emptied: 55524271 bytes
->FireFox cache emptied: 105084796 bytes
->Flash cache emptied: 12635 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1398 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 9986 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 9925807 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193281 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 224.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Brandon McGahee
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.6.0 log created on 06132010_021552

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Brandon McGahee\Local Settings\Temp\hsperfdata_Brandon McGahee\3120 not found!
File\Folder C:\Documents and Settings\Brandon McGahee\Local Settings\Temp\Perflib_Perfdata_177c.dat not found!
C:\Documents and Settings\Brandon McGahee\Local Settings\Temporary Internet Files\Content.IE5\XMX4M9TY\installed[2].htm moved successfully.
C:\Documents and Settings\Brandon McGahee\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\mcmsc_1VflN19wQPOMGbY not found!
File\Folder C:\WINDOWS\temp\mcmsc_pMGT40fSahgvfvB not found!
C:\WINDOWS\temp\Perflib_Perfdata_1410.dat moved successfully.

Registry entries deleted on Reboot...

sambaker · 2010/06/13

Here is the OTL.Txt log from the Quick Scan:

OTL logfile created on: 6/13/2010 2:33:33 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 35.13 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRANDON
Current User Name: Brandon McGahee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
PRC - [2010/03/01 16:16:30 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 16:16:30 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/19 20:09:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/01/19 17:17:42 | 001,581,056 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
PRC - [2006/11/23 22:06:17 | 000,258,048 | ---- | M] (Computer Associates) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
PRC - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/12/29 16:42:18 | 000,165,416 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Modules (SafeList) ==========

MOD - [2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/03/01 16:16:30 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/09/28 22:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:24:48 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/08 07:14:00 | 000,498,816 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/22 18:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/31 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/31 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/31 05:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/31 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/31 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/31 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/31 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/31 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/31 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/13 10:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2005/05/13 10:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2005/04/22 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/04/21 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/08 21:34:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 02:11:12 | 000,000,000 | ---D | M]

[2010/05/08 21:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Extensions
[2010/06/13 02:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions
[2010/05/08 22:21:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 22:22:19 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/06/13 02:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 02:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/13 02:10:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/13 02:17:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CaISSDT] C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe (Computer Associates)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.16.67 12.127.17.71
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/13 02:15:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/13 02:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/13 01:40:15 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Brandon McGahee\Desktop\Norton_Removal_Tool.exe
[2010/06/12 13:51:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/12 13:46:25 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
[2010/06/10 20:54:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/10 20:51:39 | 000,000,000 | ---D | C] -- C:\213c80716cca07710038
[2010/06/10 00:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/06/09 21:43:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/06/06 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\Simply Super Software
[2010/06/06 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/06/06 22:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/06/06 21:19:13 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
[2010/06/05 23:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/05 23:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
[2010/05/28 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/05/08 21:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla
[2010/05/08 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/08 21:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\Profiles
[2010/04/07 20:25:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/07 20:25:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/07 20:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 20:22:12 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
[2010/04/07 19:21:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 19:21:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 19:21:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 19:21:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 01:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
[2010/04/07 01:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\My Weblog Posts
[2010/04/07 01:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Windows Live Writer
[2010/03/26 12:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/03/22 04:55:25 | 034,595,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
[2010/03/22 04:51:39 | 034,595,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
[2010/03/22 02:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/03/22 02:46:53 | 000,502,168 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
[2010/03/16 19:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/08/10 11:22:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2006/08/10 11:22:31 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2006/08/10 11:22:31 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[2006/08/10 11:22:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2006/08/10 11:22:31 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2006/08/10 11:22:31 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2006/08/10 11:22:31 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2006/08/10 11:22:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2006/08/10 11:22:31 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll

========== Files - Modified Within 90 Days ==========

[2010/06/13 02:22:14 | 000,046,125 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/06/13 02:20:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/13 02:19:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 02:19:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 02:19:23 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 02:18:39 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\ntuser.dat
[2010/06/13 02:18:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\ntuser.ini
[2010/06/13 02:17:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/13 02:11:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/13 01:40:32 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Brandon McGahee\Desktop\Norton_Removal_Tool.exe
[2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
[2010/06/11 01:33:34 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/11 01:11:14 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 00:52:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 00:49:57 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/06/10 00:32:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/10 00:20:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.zip
[2010/06/09 15:16:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/08 01:00:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\k1uo4f6j.exe
[2010/06/08 00:56:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Download GMER.doc
[2010/06/08 00:56:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\~$wnload GMER.doc
[2010/06/07 02:00:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\dds.scr
[2010/06/06 22:23:56 | 000,000,426 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/01 01:00:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
[2010/05/20 01:44:25 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Windows Live Call.lnk
[2010/05/17 01:40:40 | 000,296,960 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\problem screen shot.doc
[2010/05/10 22:41:25 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to Sounds and Audio Devices.lnk
[2010/05/08 21:34:31 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/08 02:03:13 | 000,030,616 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\bookmarks-2010-05-08.json
[2010/05/05 00:30:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/15 01:17:15 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/07 20:25:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 20:22:16 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
[2010/03/31 22:23:04 | 005,081,374 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 05:14:01 | 000,016,226 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UyME
[2010/03/22 05:14:00 | 000,016,226 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
[2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
[2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
[2010/03/22 04:17:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\My Documents\mbam-setup.exe
[2010/03/22 03:53:29 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 02:46:44 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
[2010/03/16 18:53:22 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe

========== Files Created - No Company Name ==========

[2010/06/11 01:39:58 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/10 00:32:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/06/10 00:20:17 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.zip
[2010/06/08 01:00:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\k1uo4f6j.exe
[2010/06/08 00:56:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\~$wnload GMER.doc
[2010/06/08 00:56:32 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Download GMER.doc
[2010/06/07 02:00:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\dds.scr
[2010/06/05 20:55:00 | 010,747,904 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\ntuser.dat
[2010/05/17 01:15:25 | 000,296,960 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\problem screen shot.doc
[2010/05/10 22:41:25 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to Sounds and Audio Devices.lnk
[2010/05/08 21:34:31 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/08 20:59:08 | 000,030,616 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\bookmarks-2010-05-08.json
[2010/04/07 20:25:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 19:21:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 19:21:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 19:21:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 19:21:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 19:21:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
[2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UyME
[2010/03/16 18:54:09 | 013,837,640 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe
[2010/01/27 16:43:15 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/01 10:03:27 | 018,764,452 | -HS- | C] () -- C:\WINDOWS\System32\algc.sys
[2009/09/01 10:03:27 | 000,000,915 | ---- | C] () -- C:\WINDOWS\System32\adsmsexte.sys
[2009/07/04 00:22:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
[2008/08/14 03:04:47 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/12 14:46:26 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/06 04:17:56 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/06 04:17:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/06 04:17:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/06 04:17:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/06 04:17:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/06 04:17:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/19 22:26:28 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/16 22:09:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/08/17 00:04:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/08/15 23:34:09 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/08/15 22:03:28 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/15 21:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2006/08/10 12:10:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/10 11:57:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/10 11:54:05 | 000,004,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/10 11:22:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2006/08/10 11:22:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2006/08/10 11:22:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2006/08/10 11:22:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2006/08/10 11:22:31 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2006/08/10 11:22:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2006/08/10 11:22:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2006/08/10 11:22:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2006/08/10 11:22:31 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2006/08/10 11:22:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2006/08/10 11:21:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/10 11:20:39 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/10 14:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/03/26 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2006/11/23 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/01/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/09/04 02:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2007/11/20 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/06 22:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/10 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/03 04:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2008/08/31 17:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ICAClient
[2008/09/21 23:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Leadertech
[2008/08/31 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Runaware
[2010/05/28 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\webex
[2010/04/07 01:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
[2010/06/09 15:16:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/15 01:17:15 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/01 01:00:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/06/13 02:11:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

broni · 2010/06/13

Very good

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
[*] Archives
[*] Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

sambaker · 2010/06/13

Here are the Kaspersky scan results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, June 13, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 13, 2010 11:44:53
Records in database: 4272192
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 127621
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:44:53

File name / Threat / Threats count
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1229\A0111557.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1232\A0120049.dll Infected: Trojan.Win32.Tdss.bfpp 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1232\A0120050.dll Infected: Trojan.Win32.Tdss.bftt 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1232\A0120054.exe Infected: Trojan.Win32.Tdss.bfut 1
C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll Infected: Trojan.Win32.Patched.hg 1

Selected area has been scanned.

broni · 2010/06/13

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.

Vista users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box into the main textfield:
Code:
:filefind
ws2_32.dll
Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

sambaker · 2010/06/13

Here is the SystemLook log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:18 on 13/06/2010 by Brandon McGahee (Administrator - Elevation successful)

========== filefind ==========

Searching for "ws2_32.dll "
C:\i386\ws2_32.dll --a--- 82944 bytes [23:33 15/08/2006] [10:00 04/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2
C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll -----c 82944 bytes [11:38 26/08/2008] [10:00 04/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2
C:\WINDOWS\ERDNT\cache\ws2_32.dll --a--- 82944 bytes [22:17 27/01/2010] [10:00 04/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2
C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll --a--- 82432 bytes [11:33 26/08/2008] [00:12 14/04/2008] 1BABC2C5B3DEF27722A01C7F2340F568
C:\WINDOWS\system32\ws2_32.dll ------ 82944 bytes [17:51 10/08/2004] [10:00 04/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2

-=End Of File=-

broni · 2010/06/13

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL

:Files
C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll|C:\WINDOWS\system32\ws2_32.dll /replace

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

sambaker · 2010/06/14

Here is the log from the OTL custom fix:

All processes killed
========== OTL ==========
========== FILES ==========
File C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll successfully replaced with C:\WINDOWS\system32\ws2_32.dll
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brandon McGahee
->Temp folder emptied: 136198249 bytes
->Temporary Internet Files folder emptied: 6186873 bytes
->Java cache emptied: 406240 bytes
->FireFox cache emptied: 93018674 bytes
->Flash cache emptied: 2814 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126128 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 225.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Brandon McGahee
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.6.0 log created on 06142010_233536

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

broni · 2010/06/14

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

===============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure, Windows Updates are current.

[SIZE= "4"]5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please, let me know, how is your computer doing.

sambaker · 2010/06/15

OK. I have cleaned up with OTL, deleted the logs and tools downloaded over the last week to clean my computer, and reset the system restore.

I sincerely appreciate your time and patience in assisting me. The problem that I started with (web search links redirecting me to the wrong sites) was resolved within the first few steps of the process. Beyond that, I would say that overall my laptop seems to be performing a little faster and better in general than before.

Thanks again for your help.

broni · 2010/06/15

You're very welcome
Good luck and stay safe

Log in or Sign up

Solved Google Search Results Redirect to wrong sites

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Google Search Results Redirect to wrong sites

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

sambaker Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches