
Solved Google Redirect Virus

Discussion in 'Malware and Virus Removal Archive' started by Action Hero, 2010/10/30.

  1. 2010/10/30
    Action Hero

    Action Hero Inactive Thread Starter

    Joined:
    2010/10/30
    Messages:
    52
    Likes Received:
    0
    [Resolved] Google Redirect Virus

    I, like others here, am having the same issue with this annoying problem. Please help as I'm very much a novice and need help in walking through the process of ridding my system of this. System files (attachments) included.
    Thank You


    DDS (Ver_10-10-21.02) - NTFS_AMD64
    Run by Gerry at 17:04:13.99 on Sat 10/30/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2162 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\DllHost.exe
    c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\Dwm.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\pfs\callatl\WMConduitDirector.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Gerry\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: D: {df5a56bf-dbea-36bb-884f-2cc43fd6d021} - C:\Windows\SysWow64\ir69927.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [Lexmark 5600-6600 Series] "C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe" /s
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    StartupFolder: C:\Users\Gerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\Users\Gerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TURBOA~1.LNK - c:\Users\Gerry\AppData\Roaming\Microsoft\Installer\{684D6639-0928-403B-A13C-EDFBB14B462F}\_7FC0EECC0580771D40217C.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
    TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [lxdumon.exe] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe "
    mRun-x64: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe "
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-31 308296]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-2-1 110312]
    R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2010-1-31 359952]
    R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-1-31 155456]
    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2010-1-31 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-31 102472]
    R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-1-31 49480]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
    S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2009-8-19 29184]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2009-7-24 29720]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-1-31 40904]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]

    =============== Created Last 30 ================

    2010-10-29 21:32:19 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{48C537C6-22E0-44A9-A454-FC33152374CD}\mpengine.dll
    2010-10-26 22:33:14 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-26 22:33:14 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-26 22:33:14 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-26 22:33:14 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-26 22:33:14 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-26 22:33:14 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-26 22:33:14 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-26 22:32:56 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-24 17:03:33 -------- d-----w- C:\Users\Gerry\AppData\Roaming\Windows Live Writer
    2010-10-24 17:03:33 -------- d-----w- C:\Users\Gerry\AppData\Local\Windows Live Writer
    2010-10-22 22:48:18 -------- d-----w- C:\Windows\en
    2010-10-22 22:43:50 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2010-10-22 22:43:50 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2010-10-22 22:43:50 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2010-10-22 22:43:50 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-10-22 22:42:30 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6825daa01cb723a2d\InstallManager_WLE_WLE.exe
    2010-10-22 22:42:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5dafefc01cb723a22\MeshBetaRemover.exe
    2010-10-22 22:41:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4ed756a01cb723a1a\DSETUP.dll
    2010-10-22 22:41:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4ed756a01cb723a1a\DXSETUP.exe
    2010-10-22 22:41:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4ed756a01cb723a1a\dsetup32.dll
    2010-10-22 22:41:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dadcac01cb723a19\DSETUP.dll
    2010-10-22 22:41:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dadcac01cb723a19\DXSETUP.exe
    2010-10-22 22:41:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dadcac01cb723a19\dsetup32.dll
    2010-10-22 22:40:15 -------- d-----w- C:\Users\Gerry\AppData\Local\Windows Live
    2010-10-22 22:38:32 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-10-22 22:38:32 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-10-22 22:38:32 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-10-22 22:38:31 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-10-22 22:38:31 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-10-22 22:38:31 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-10-22 22:38:31 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-10-22 22:36:21 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2010-10-22 22:36:03 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2010-10-15 23:05:55 171880 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
    2010-10-12 22:00:02 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-12 22:00:02 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-12 22:00:01 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-12 22:00:01 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-10-12 22:00:01 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-10-12 22:00:01 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-10-01 03:52:56 162038 ----a-w- C:\PROGRA~3\SPL20F7.tmp

    ==================== Find3M ====================

    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2010-09-18 19:48:56 253952 ----a-w- C:\Windows\SysWow64\ir69927.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-03 20:00:47 249856 ----a-w- C:\Windows\SysWow64\gk62021.dll
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 17:05:00.87 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/30/2010 10:45:09 PM
    System Uptime: 10/30/2010 2:48:15 PM (3 hours ago)

    Motherboard: eMachines | | EMCP73VT-PM
    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 686 GiB total, 639.094 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP133: 9/24/2010 6:42:54 PM - Windows Update
    RP134: 9/28/2010 6:08:45 PM - Windows Update
    RP135: 9/28/2010 7:30:29 PM - Windows Update
    RP136: 10/2/2010 11:34:07 AM - Windows Update
    RP137: 10/5/2010 7:11:49 PM - Windows Update
    RP138: 10/7/2010 11:47:08 PM - Windows Update
    RP139: 10/9/2010 2:19:42 PM - Windows Update
    RP140: 10/12/2010 5:57:38 PM - Windows Update
    RP141: 10/12/2010 7:44:20 PM - Windows Update
    RP142: 10/15/2010 8:36:58 PM - Windows Update
    RP143: 10/19/2010 6:59:56 PM - Windows Update
    RP144: 10/22/2010 6:29:53 PM - Windows Update
    RP145: 10/22/2010 6:34:51 PM - Windows Update
    RP146: 10/26/2010 6:33:00 PM - Windows Update
    RP147: 10/26/2010 7:00:13 PM - Windows Update
    RP148: 10/27/2010 6:39:25 PM - Windows Update
    RP149: 10/29/2010 5:31:53 PM - Windows Update

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    ABBYY FineReader 6.0 Sprint
    Absolute Poker
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0 MUI
    Advertising Center
    Apple Application Support
    Apple Software Update
    Bicycle Texas Hold 'em
    Big Fish Games: Game Manager
    CallAtlanta
    Compatibility Pack for the 2007 Office system
    D3DX10
    eBay Worldwide
    eMachines Games
    eMachines Recovery Management
    eMachines Registration
    eMachines ScreenSaver
    eMachines Updater
    Google Toolbar for Internet Explorer
    Google Update Helper
    Identity Card
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Lexmark Printable Web
    Lexmark Tools for Office
    McAfee SecurityCenter
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets and Trips 2005
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    PokerStars.net
    QuickTime
    Realtek High Definition Audio Driver
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    Samsung PC Studio 3 USB Driver Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    TurboApps WinMobile Conduit
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2410711)
    VZAccess Manager
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    10/30/2010 4:09:55 PM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 2:48:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
    10/30/2010 2:48:48 PM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/29/2010 1:29:37 PM, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.
    10/26/2010 7:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).
    10/23/2010 4:47:37 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

    ==== End Of File ===========================
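The Pseudo HJT Report and Find3M sections above are what a malware-removal helper scans first. As an added example (not code from the thread, from DDS or from any tool mentioned in it), the Python below parses those entry formats and pulls out the lines a reviewer would typically look at before anything else: registrations whose target reads No File, a BHO registered without a vendor-style name, and DLLs sitting directly under System32 or SysWow64 whose base names look machine-generated (a short run of letters followed by four or more digits). The heuristics and that digit threshold are the editor's assumptions, and a hit is a prompt for a hash lookup or signature check, not a verdict. The sample log is a constructed subset of lines copied from the post.

```python
import re
from collections import namedtuple

# Constructed sample: a handful of lines copied from the DDS log in the post above
# (Pseudo HJT Report and Find3M sections) plus benign neighbours for contrast. Not the whole log.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: D: {df5a56bf-dbea-36bb-884f-2cc43fd6d021} - C:\Windows\SysWow64\ir69927.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
BHO-X64: scriptproxy - No File
2010-09-18 19:48:56 253952 ----a-w- C:\Windows\SysWow64\ir69927.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-03 20:00:47 249856 ----a-w- C:\Windows\SysWow64\gk62021.dll
"""

# DDS entry kinds handled here: BHO, BHO-X64, TB, TB-X64, uRun, mRun, uRun-x64, mRun-x64.
ENTRY_RE = re.compile(r'^(?P<kind>BHO(?:-X64)?|TB(?:-X64)?|[um]Run(?:-x64)?):\s*(?P<body>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# A Windows path ending in .dll/.exe/.sys; spaces are allowed because of 'Program Files (x86)'.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:dll|exe|sys)(?=$|[\s"\]])', re.I)
# Heuristic (assumption): 1-4 letters then 4+ digits, e.g. ir69927.dll. Legitimate names with
# fewer digits (mfc40.dll, odbc32.dll) deliberately do not match.
RANDOM_DLL_RE = re.compile(r'(?<![A-Za-z0-9_])[A-Za-z]{1,4}\d{4,}\.dll$', re.I)
SYSTEM_DIRS = ('c:\\windows\\system32\\', 'c:\\windows\\syswow64\\')

ORPHANED = 'orphaned registration (No File)'
UNNAMED_BHO = 'BHO without a vendor-style name'
RANDOM_DLL = 'machine-generated-looking DLL name under a system directory'

Finding = namedtuple('Finding', 'line reason detail')


def parse_entry(line):
    """Split a Pseudo-HJT line into (kind, name, guid, target); None for non-HJT lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group('kind'), m.group('body')
    g = GUID_RE.search(body)
    if g:                                   # 'Name: {GUID} - target'  or  '{GUID} - target'
        name, guid, rest = body[:g.start()].rstrip(': ').strip(), g.group(0), body[g.end():]
    elif body.startswith('['):              # Run keys: '[ValueName] "target" args'
        close = body.index(']')
        name, guid, rest = body[1:close], None, body[close + 1:]
    else:                                   # e.g. 'BHO-X64: scriptproxy - No File'
        name, guid, rest = body.split(' - ', 1)[0].strip(), None, body
    target = rest.split(' - ', 1)[-1].strip() if ' - ' in rest else rest.strip()
    return kind, name, guid, target


def triage(log_text):
    """Return the lines a reviewer should look at first, with the heuristic that fired."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry:
            kind, name, guid, target = entry
            if target.lower() == 'no file':
                findings.append(Finding(line, ORPHANED, '%s %s' % (kind, guid or name)))
            if kind.startswith('BHO') and len(name) <= 1:
                findings.append(Finding(line, UNNAMED_BHO, target))
        # Runs over every line, so the Find3M / Created Last 30 file listings are covered too.
        for path in PATH_RE.findall(line):
            key = path.lower()
            if key.startswith(SYSTEM_DIRS) and RANDOM_DLL_RE.search(path) and key not in seen:
                seen.add(key)
                findings.append(Finding(line, RANDOM_DLL, path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%s: %s\n    %s' % (f.reason, f.detail, f.line))
```

Run against the sample it reports the three No File registrations, the one-letter BHO, and the two digit-suffixed DLLs in SysWow64; everything Adobe, Java and Google passes through untouched. Feed it the full DDS text (`triage(open('dds.txt').read())`) and review each hit by hand.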
     
  2. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scan.***

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/10/31
    Action Hero

    Action Hero Inactive Thread Starter

    Joined:
    2010/10/30
    Messages:
    52
    Likes Received:
    0
    Followed Instructions. Results follow.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5009

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/31/2010 5:24:41 PM
    mbam-log-2010-10-31 (17-24-41).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 326453
    Time elapsed: 59 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 27
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{2eecc58a-7b63-3b84-a225-5b721c1a6edd} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{69d83ddd-9305-333b-8413-416f3c5bc983} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c57f2e7c-95d9-3d23-8834-96de52fd1139} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{c57f2e7c-95d9-3d23-8834-96de52fd1139} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c57f2e7c-95d9-3d23-8834-96de52fd1139} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c57f2e7c-95d9-3d23-8834-96de52fd1139} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{84cdf631-1349-35df-b1ef-be50461d8fc7} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{96cd0649-9e8a-3def-b3b8-54d4e3d8818f} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df5a56bf-dbea-36bb-884f-2cc43fd6d021} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{df5a56bf-dbea-36bb-884f-2cc43fd6d021} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{df5a56bf-dbea-36bb-884f-2cc43fd6d021} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df5a56bf-dbea-36bb-884f-2cc43fd6d021} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df5a56bf-dbea-36bb-884f-2cc43fd6d021} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{88dc5a7a-485c-3cb9-99ba-be3566e1a60a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{003aa189-de0e-35f5-b8bb-1e20cd57cc35} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f94f8bbb-ebd5-3a09-8896-89fd725a7bd8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{f94f8bbb-ebd5-3a09-8896-89fd725a7bd8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f94f8bbb-ebd5-3a09-8896-89fd725a7bd8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f94f8bbb-ebd5-3a09-8896-89fd725a7bd8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{b218a081-846c-3d30-ae48-0d840d17134c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{922e13aa-9d2c-35ef-8d61-a671070df1e4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{77bd1dad-70b7-32f2-a04e-1d4ef5d04bc8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{77bd1dad-70b7-32f2-a04e-1d4ef5d04bc8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77bd1dad-70b7-32f2-a04e-1d4ef5d04bc8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77bd1dad-70b7-32f2-a04e-1d4ef5d04bc8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\gk62021.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\System32\ir69927.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\System32\ol96622.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\System32\ru69837.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\gk62021.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\ir69927.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\ol96622.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\ru69837.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Users\Gerry\Favorites\Free **** Tube, Sex Tube, Free XXX Movies at BestTubeClips.com.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Windows\System32\ctfmonhwq.exe (Trojan.BHO) -> Quarantined and deleted successfully.

    gmer.log - no results found after scan.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: eMachines
    BIOS Manufacturer: AMI
    System Manufacturer: eMachines
    System Product Name: ET1831
    Logical Drives Mask: 0x00000bfc

    Kernel Drivers (total 186):
    0x02C0D000 \SystemRoot\system32\ntoskrnl.exe
    0x031E9000 \SystemRoot\system32\hal.dll
    0x00BA4000 \SystemRoot\system32\kdcom.dll
    0x00CB5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CF9000 \SystemRoot\system32\PSHED.dll
    0x00D0D000 \SystemRoot\system32\CLFS.SYS
    0x00E13000 \SystemRoot\system32\CI.dll
    0x00ED3000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F77000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F86000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FDD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FE6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00D6B000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FF0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00D9E000 \SystemRoot\System32\drivers\partmgr.sys
    0x00DB3000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00C5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E07000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00C86000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x010BE000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x010FB000 \SystemRoot\system32\DRIVERS\storport.sys
    0x0115D000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01168000 \SystemRoot\system32\drivers\fltmgr.sys
    0x011B4000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0123E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013E1000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01403000 \SystemRoot\System32\Drivers\cng.sys
    0x01476000 \SystemRoot\System32\drivers\pcw.sys
    0x01487000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01491000 \SystemRoot\system32\drivers\ndis.sys
    0x01583000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01200000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0105E000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x015E3000 \SystemRoot\System32\Drivers\spldr.sys
    0x01614000 \SystemRoot\System32\drivers\rdyboost.sys
    0x0164E000 \SystemRoot\System32\Drivers\mup.sys
    0x01660000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01669000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x016A3000 \SystemRoot\system32\DRIVERS\disk.sys
    0x016B9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01751000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0177B000 \SystemRoot\System32\Drivers\Null.SYS
    0x01784000 \SystemRoot\System32\Drivers\Beep.SYS
    0x0178B000 \SystemRoot\System32\drivers\vga.sys
    0x01799000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x017BE000 \SystemRoot\System32\drivers\watchdog.sys
    0x017CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x017D7000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x017E0000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x017E9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01600000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02A00000 \SystemRoot\System32\drivers\tcpip.sys
    0x038BB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x03905000 \SystemRoot\System32\Drivers\Mpfp.sys
    0x03942000 \SystemRoot\System32\Drivers\TDI.SYS
    0x0394F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0396D000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0x03800000 \SystemRoot\system32\drivers\afd.sys
    0x0398B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x039D0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x039D9000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0388A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03899000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x015EB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03A08000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03A59000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03A65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03A70000 \SystemRoot\system32\drivers\mfehidk.sys
    0x03ABA000 \SystemRoot\System32\drivers\discache.sys
    0x03AC9000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03AE7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03AF8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03B1E000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x03B34000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03B52000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03B61000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03B70000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03B7B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03BD1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x011C8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03C1D000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x03C73000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x0FC5A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x108EC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x108EE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x0FC00000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0FC46000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x109E2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03C80000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03C96000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x109F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03CBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03CE9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03D04000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03D25000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x109FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03D3F000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03D82000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03D94000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04636000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x048C1000 \SystemRoot\system32\drivers\portcls.sys
    0x048FE000 \SystemRoot\system32\drivers\drmk.sys
    0x04920000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04926000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x04943000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04945000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x04960000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x04971000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x0497D000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0498B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x049A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x049AD000 \SystemRoot\system32\DRIVERS\wdcsam64.sys
    0x000A0000 \SystemRoot\System32\win32k.sys
    0x049B1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x049BD000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x004D0000 \SystemRoot\System32\TSDDD.dll
    0x00740000 \SystemRoot\System32\cdd.dll
    0x049CB000 \SystemRoot\system32\drivers\luafv.sys
    0x04800000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04821000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x04836000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0484E000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x0262E000 \SystemRoot\system32\drivers\HTTP.sys
    0x026F6000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02704000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x0270E000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x0274B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x0275E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0277C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02794000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x016E9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x027C1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04E41000 \SystemRoot\system32\drivers\peauth.sys
    0x04EE7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x04EF2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x04F1F000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x04F31000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x04F98000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x05886000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0591C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0594D000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x77710000 \Windows\System32\ntdll.dll
    0x48090000 \Windows\System32\smss.exe
    0xFFA30000 \Windows\System32\apisetschema.dll
    0xFF5E0000 \Windows\System32\autochk.exe
    0xFF9D0000 \Windows\System32\Wldap32.dll
    0xFF950000 \Windows\System32\difxapi.dll
    0xFF6F0000 \Windows\System32\iertutil.dll
    0xFF610000 \Windows\System32\oleaut32.dll
    0xFF430000 \Windows\System32\setupapi.dll
    0xFF3E0000 \Windows\System32\ws2_32.dll
    0xFF3D0000 \Windows\System32\nsi.dll
    0xFF330000 \Windows\System32\comdlg32.dll
    0xFF2C0000 \Windows\System32\gdi32.dll
    0xFF220000 \Windows\System32\msvcrt.dll
    0xFE490000 \Windows\System32\shell32.dll
    0xFE3B0000 \Windows\System32\advapi32.dll
    0xFE330000 \Windows\System32\shlwapi.dll
    0xFE1B0000 \Windows\System32\urlmon.dll
    0x778E0000 \Windows\System32\psapi.dll
    0x77610000 \Windows\System32\user32.dll
    0xFE190000 \Windows\System32\sechost.dll
    0x778D0000 \Windows\System32\normaliz.dll
    0xFE080000 \Windows\System32\msctf.dll
    0xFDE70000 \Windows\System32\ole32.dll
    0xFDE40000 \Windows\System32\imm32.dll
    0xFDE20000 \Windows\System32\imagehlp.dll
    0x774F0000 \Windows\System32\kernel32.dll
    0xFDCF0000 \Windows\System32\rpcrt4.dll
    0xFDBC0000 \Windows\System32\wininet.dll
    0xFDAF0000 \Windows\System32\usp10.dll
    0xFDA50000 \Windows\System32\clbcatq.dll
    0xFDA40000 \Windows\System32\lpk.dll
    0xFD9D0000 \Windows\System32\KernelBase.dll
    0xFD930000 \Windows\System32\comctl32.dll
    0xFD910000 \Windows\System32\devobj.dll
    0xFD8D0000 \Windows\System32\wintrust.dll
    0xFD760000 \Windows\System32\crypt32.dll
    0xFD720000 \Windows\System32\cfgmgr32.dll
    0xFD710000 \Windows\System32\msasn1.dll
    0x76080000 \Windows\SysWOW64\normaliz.dll

    Processes (total 80):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    420 csrss.exe
    468 C:\Windows\System32\wininit.exe
    484 csrss.exe
    528 C:\Windows\System32\services.exe
    544 C:\Windows\System32\lsass.exe
    552 C:\Windows\System32\lsm.exe
    672 C:\Windows\System32\winlogon.exe
    692 C:\Windows\System32\svchost.exe
    764 C:\Windows\System32\nvvsvc.exe
    804 C:\Windows\System32\svchost.exe
    868 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    412 C:\Windows\System32\svchost.exe
    716 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\spoolsv.exe
    1172 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\nvvsvc.exe
    1292 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1424 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1468 C:\Windows\System32\svchost.exe
    1512 C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    1588 C:\Windows\System32\lxducoms.exe
    1632 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    1656 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
    1668 C:\Windows\System32\rundll32.exe
    1680 C:\Windows\SysWOW64\rundll32.exe
    1704 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    1768 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
    1872 C:\Windows\System32\svchost.exe
    1984 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    2040 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    1400 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    1324 C:\Windows\System32\svchost.exe
    1348 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2204 C:\Windows\System32\taskhost.exe
    2268 C:\Windows\System32\dwm.exe
    2284 C:\Windows\explorer.exe
    2592 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3056 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    2704 C:\Windows\System32\svchost.exe
    3160 WUDFHost.exe
    3268 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
    3648 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3656 C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    3712 C:\Windows\WindowsMobile\wmdc.exe
    3720 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3760 C:\Program Files\Windows Sidebar\sidebar.exe
    3788 C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
    3796 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3816 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3856 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    3952 C:\Windows\System32\svchost.exe
    3592 C:\pfs\callatl\WMConduitDirector.exe
    3288 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3744 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2124 C:\Windows\System32\SearchIndexer.exe
    4128 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4656 C:\Program Files\iPod\bin\iPodService.exe
    5036 C:\Windows\System32\svchost.exe
    4416 C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    5096 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    536 dllhost.exe
    5296 C:\PROGRA~2\INTERN~1\iexplore.exe
    5352 C:\PROGRA~2\INTERN~1\iexplore.exe
    5500 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    796 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    1796 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
    5644 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    3400 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    2104 C:\Windows\System32\audiodg.exe
    2148 C:\Windows\System32\SearchProtocolHost.exe
    2380 C:\Windows\System32\SearchFilterHost.exe
    6028 C:\PROGRA~2\INTERN~1\iexplore.exe
    3448 C:\Users\Gerry\Desktop\MBRCheck.exe
    4276 C:\Windows\System32\conhost.exe
    4884 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)

    PhysicalDrive0 Model Number: ST3750528AS, Rev: CC44

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive0 RE: Acer MBR code detected
    SHA1: 3183CBF02DD9B39C5FF84F50BA2419D633E30179


    Done!
     
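    The Malwarebytes log above shows the pattern of an Internet Explorer Browser Helper Object (BHO) infection: a CLSID registered under HKCR\CLSID, its TypeLib and Interface entries, Ext\Settings and Ext\Stats keys under the user hive, the Browser Helper Objects key under HKLM, and DLLs with random two-letter-plus-digits names dropped into both System32 and SysWOW64. The following PowerShell script is an added example for checking a machine for the same kind of persistence; it was not posted by either participant in this thread and is not part of any of the tools they used. It walks both the 64-bit and 32-bit (Wow6432Node) BHO registration keys, resolves each CLSID to the DLL it loads via InprocServer32, checks the file's Authenticode signature, and flags names that match the random-looking pattern seen in the log (that regex is a heuristic constructed from this thread's file names, not a vendor rule). Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: list registered BHOs on a 64-bit
# Windows host and resolve each to the DLL Internet Explorer would load.
# Only HKLM registrations are read; IE does not load BHOs from HKCU.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Heuristic built from the names in the Malwarebytes log above
# (gk62021.dll, ir69927.dll, ...): two lowercase letters, five digits.
$suspiciousName = '^[a-z]{2}\d{5}\.dll$'

function Get-RegisteredBho {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        $is32 = $key -like '*Wow6432Node*'

        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName

            # 32-bit COM classes are registered under Classes\Wow6432Node on x64;
            # the InprocServer32 default value holds the DLL path.
            $inproc = if ($is32) { "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32" }
                      else       { "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" }

            $dll = $null
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty -Path $inproc).'(default)'
            }
            $path = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }

            $exists = [bool]($path -and (Test-Path $path))
            $sig = 'n/a'
            if ($exists) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
            }

            $flag = @()
            if (-not $exists)                         { $flag += 'missing-dll' }
            if ($exists -and $sig -ne 'Valid')        { $flag += 'unsigned' }
            if ($path -and ((Split-Path $path -Leaf) -match $suspiciousName)) { $flag += 'random-name' }

            # New-Object is used instead of [pscustomobject] so this runs on
            # PowerShell 2.0, the version shipped with Windows 7.
            New-Object PSObject -Property @{
                Arch      = if ($is32) { 'x86' } else { 'x64' }
                CLSID     = $clsid
                Dll       = $path
                Signature = $sig
                Flags     = ($flag -join ',')
            }
        }
    }
}

Get-RegisteredBho | Select-Object Arch, CLSID, Dll, Signature, Flags | Format-Table -AutoSize
```

A legitimate BHO (a vendor toolbar, for example) will show a signed DLL under Program Files and no flags; an entry whose DLL sits in System32 or SysWOW64 with an unsigned, random-looking name is the one to look at. Removing the Browser Helper Objects subkey alone is not enough, as the log shows: the CLSID, TypeLib, Interface and Ext\Stats entries and the DLL itself all need to go, which is why the cleanup tools in this thread report each of them separately.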
  5. 2010/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  6. 2010/11/01
    Action Hero

    Action Hero Inactive Thread Starter

    Joined:
    2010/10/30
    Messages:
    52
    Likes Received:
    0
    Followed Instructions. Results follow.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/01/2010 at 10:31 PM

    Application Version : 4.45.1000

    Core Rules Database Version : 5794
    Trace Rules Database Version: 3606

    Scan type : Complete Scan
    Total Scan Time : 01:00:44

    Memory items scanned : 358
    Memory threats detected : 0
    Registry items scanned : 13942
    Registry threats detected : 5
    File items scanned : 161170
    File threats detected : 1

    Adware.CouponBar
    (x86) HKU\S-1-5-21-3421569335-1170080416-1850209419-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
    (x86) HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
    (x86) HKU\S-1-5-21-3421569335-1170080416-1850209419-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
    (x86) HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
    (x86) HKU\S-1-5-21-3421569335-1170080416-1850209419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    Trojan.Agent/Gen-Cryptor[Egun]
    C:\PFS\CALLATL\WINXPSP2FIX.EXE
     
  7. 2010/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection?
    Which browser is affected?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/11/05
    Action Hero

    Action Hero Inactive Thread Starter

    Joined:
    2010/10/30
    Messages:
    52
    Likes Received:
    0
    In case you didn't get my last reply (part 1)

    OTL logfile created on: 11/2/2010 7:51:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Gerry\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.54 Gb Total Space | 639.42 Gb Free Space | 93.27% Space Free | Partition Type: NTFS
    Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: GERRY-HOME | User Name: Gerry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/02 19:49:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gerry\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/08/13 10:06:38 | 000,098,304 | ---- | M] (Citigroup) -- C:\pfs\callatl\WMConduitDirector.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/10/29 08:37:17 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/04 03:51:09 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    PRC - [2009/09/04 03:51:07 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
    PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/02 19:49:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gerry\Desktop\OTL.exe
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/11/13 12:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/11/04 17:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV:64bit: - [2009/10/28 12:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
    SRV:64bit: - [2009/08/19 13:16:53 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/08 15:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/08/19 13:16:39 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)
    SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
    DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/11/04 17:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2009/11/04 17:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2009/11/04 17:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
    DRV:64bit: - [2009/11/04 17:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
    DRV:64bit: - [2009/07/24 17:20:38 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173601102206p03e5v1i5r49k1s435
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/02 16:45:26 | 000,000,000 | ---D | M]

    [2010/04/24 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Mozilla\Extensions
    [2010/04/24 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Lexmark 5600-6600 Series] C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe ()
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboApps WinMobile Conduit.lnk = c:\Users\Gerry\AppData\Roaming\Microsoft\Installer\{684D6639-0928-403B-A13C-EDFBB14B462F}\_7FC0EECC0580771D40217C.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - L:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\Shell - " " = AutoRun
    O33 - MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\Shell\AutoRun\command - " " = L:\WD SmartWare.exe -- [2009/11/13 15:25:22 | 003,280,672 | ---- | M] (Western Digital)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/02 19:48:52 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Gerry\Desktop\OTL.exe
    [2010/11/01 21:16:59 | 000,000,000 | ---D | C] -- C:\Users\Gerry\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/01 21:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/01 21:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/01 21:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/01 21:02:52 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Gerry\Desktop\SUPERAntiSpyware.exe
    [2010/10/31 16:05:58 | 000,000,000 | ---D | C] -- C:\Users\Gerry\AppData\Roaming\Malwarebytes
    [2010/10/31 16:05:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/31 16:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/31 16:05:39 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/31 16:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/31 16:03:00 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Gerry\Desktop\mbam-setup.exe
    [2010/10/30 16:10:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/10/24 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Gerry\AppData\Roaming\Windows Live Writer
    [2010/10/24 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Gerry\AppData\Local\Windows Live Writer
    [2010/10/22 18:48:18 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2010/10/22 18:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/10/22 18:44:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/22 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\Gerry\AppData\Local\Windows Live
    [2010/10/22 18:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/22 18:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/03/06 11:11:41 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
    [2010/03/06 11:11:40 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
    [2010/03/06 11:11:39 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
    [2010/03/06 11:11:36 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
    [2010/03/06 11:11:36 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
    [2010/03/06 11:11:35 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
    [2010/03/06 11:11:34 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
    [2010/03/06 11:11:33 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
    [2010/03/06 11:11:33 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/02 19:49:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gerry\Desktop\OTL.exe
    [2010/11/02 19:47:44 | 000,010,352 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
    [2010/11/02 19:38:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/02 19:32:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 19:32:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/02 19:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/02 19:24:51 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/02 17:06:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/01 22:38:29 | 000,010,905 | ---- | M] () -- C:\Users\Gerry\Desktop\SUPERAntiSpyware Scan Log.docx
    [2010/11/01 21:28:32 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/01 21:02:54 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Gerry\Desktop\SUPERAntiSpyware.exe
    [2010/10/31 18:01:24 | 000,080,384 | ---- | M] () -- C:\Users\Gerry\Desktop\MBRCheck.exe
    [2010/10/31 17:43:47 | 000,294,912 | ---- | M] () -- C:\Users\Gerry\Desktop\xc9p8ley.exe
    [2010/10/31 16:05:43 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/31 16:03:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gerry\Desktop\mbam-setup.exe
    [2010/10/31 15:05:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/31 15:05:06 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/31 15:05:06 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/30 17:02:36 | 000,545,280 | ---- | M] () -- C:\Users\Gerry\Desktop\dds.scr
    [2010/10/13 15:31:55 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/10 17:01:38 | 000,238,864 | ---- | M] () -- C:\Users\Gerry\Desktop\Letter of Witness.pdf
    [2010/10/10 17:00:59 | 000,014,080 | ---- | M] () -- C:\Users\Gerry\Documents\Witness Letter.docx
    [2010/10/08 19:06:32 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/01 22:38:28 | 000,010,905 | ---- | C] () -- C:\Users\Gerry\Desktop\SUPERAntiSpyware Scan Log.docx
    [2010/11/01 21:16:52 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/10/31 18:01:22 | 000,080,384 | ---- | C] () -- C:\Users\Gerry\Desktop\MBRCheck.exe
    [2010/10/31 17:43:43 | 000,294,912 | ---- | C] () -- C:\Users\Gerry\Desktop\xc9p8ley.exe
    [2010/10/31 16:05:43 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/30 17:02:29 | 000,545,280 | ---- | C] () -- C:\Users\Gerry\Desktop\dds.scr
    [2010/10/09 15:30:15 | 000,014,080 | ---- | C] () -- C:\Users\Gerry\Documents\Witness Letter.docx
    [2010/10/09 15:29:03 | 000,238,864 | ---- | C] () -- C:\Users\Gerry\Desktop\Letter of Witness.pdf
    [2010/05/04 22:28:00 | 000,026,804 | ---- | C] () -- C:\ProgramData\lxduJSW.log
    [2010/03/06 11:47:02 | 000,000,744 | ---- | C] () -- C:\ProgramData\lxdu.log
    [2010/03/06 11:17:01 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
    [2010/03/06 11:17:01 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
    [2010/03/06 11:17:01 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
    [2010/03/06 11:11:42 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
    [2010/03/06 11:11:41 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
    [2010/03/06 11:09:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
    [2010/02/17 22:50:40 | 000,002,066 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/03/06 13:13:30 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\5600-6600 Series
    [2010/03/31 20:06:02 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Absolute Poker
    [2010/04/18 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Artogon
    [2010/02/17 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Big Fish Games
    [2010/02/03 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\DriverCure
    [2010/02/15 21:17:52 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\HdO Adventure
    [2010/03/06 12:55:56 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Lexmark Productivity Studio
    [2010/02/15 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Merscom
    [2010/06/05 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\PlayFirst
    [2010/02/19 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\PoBros
    [2010/04/10 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\QB9
    [2010/06/27 12:35:08 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Restorer
    [2010/06/13 12:42:04 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\SevenSails
    [2010/07/17 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Silverback Productions
    [2010/04/10 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Top Evidence
    [2010/08/22 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Vast Studios
    [2010/01/31 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Western Digital
    [2010/01/31 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\WildTangent
    [2010/02/16 21:05:02 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\WildTangentv1002
    [2010/10/25 18:54:54 | 000,000,000 | ---D | M] -- C:\Users\Gerry\AppData\Roaming\Windows Live Writer
    [2010/07/04 03:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Gerry.job
    [2010/01/31 16:40:36 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2010/04/01 01:00:00 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2010/10/31 14:51:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/10/29 08:55:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/02 19:24:51 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 02:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/02 19:24:58 | 4025,729,024 | -HS- | M] () -- C:\pagefile.sys
    [2009/10/29 08:12:46 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/31 00:00:46 | 000,000,221 | -HS- | M] () -- C:\Users\Gerry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/31 16:03:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Gerry\Desktop\mbam-setup.exe
    [2010/10/31 18:01:24 | 000,080,384 | ---- | M] () -- C:\Users\Gerry\Desktop\MBRCheck.exe
    [2010/11/02 19:49:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gerry\Desktop\OTL.exe
    [2010/11/01 21:02:54 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Gerry\Desktop\SUPERAntiSpyware.exe
    [2010/10/31 17:43:47 | 000,294,912 | ---- | M] () -- C:\Users\Gerry\Desktop\xc9p8ley.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 18:57:50 | 000,000,402 | -HS- | M] () -- C:\Users\Gerry\Favorites\desktop.ini
    [2010/02/15 20:48:55 | 000,001,226 | ---- | M] () -- C:\Users\Gerry\Favorites\eMachines Games.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/03/06 13:10:13 | 000,000,744 | ---- | M] () -- C:\ProgramData\lxdu.log
    [2010/08/01 11:25:04 | 000,026,804 | ---- | M] () -- C:\ProgramData\lxduJSW.log
    [2010/03/06 11:09:17 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FAB64002
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E411AA0D
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A02025CE
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5080697C
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AABCC5A7
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:65AB2A58

    < End of report >
     
  9. 2010/11/05
    Action Hero Inactive Thread Starter
    Part 2 - file was too big to put both in 1

    OTL Extras logfile created on: 11/2/2010 7:51:23 PM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Gerry\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.54 Gb Total Space | 639.42 Gb Free Space | 93.27% Space Free | Partition Type: NTFS
    Drive L: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: GERRY-HOME | User Name: Gerry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{206A595B-6ED6-4547-9293-C448139826EC}" = CallAtlanta
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{684D6639-0928-403B-A13C-EDFBB14B462F}" = TurboApps WinMobile Conduit
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{f8ed8c7d-6d12-4eb1-9fb9-80e48c357a12}" = Nero 9 Essentials
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BFGC" = Big Fish Games: Game Manager
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Identity Card" = Identity Card
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MSC" = McAfee SecurityCenter
    "PokerStars.net" = PokerStars.net
    "VZAccess Manager" = VZAccess Manager
    "WildTangent emachines Master Uninstall" = eMachines Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-d9984271-821e-4710-a6d0-f2ffd5ff8a39" = Bicycle Texas Hold 'em

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Absolute Poker" = Absolute Poker

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  10. 2010/11/05
    broni Moderator Malware Analyst
    .....
     
  11. 2010/11/05
    Action Hero Inactive Thread Starter
    I believe redirection is fixed. Google search engine is what I use.
     
  12. 2010/11/05
    broni Moderator Malware Analyst
    Good. Let me look through your OTL logs.
     
  13. 2010/11/05
    broni Moderator Malware Analyst
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\Shell - " " = AutoRun
      O33 - MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\Shell\AutoRun\command - " " = L:\WD SmartWare.exe -- [2009/11/13 15:25:22 | 003,280,672 | ---- | M] (Western Digital)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [2010/07/04 03:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Gerry.job
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FAB64002
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:E6C6EB3B
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E411AA0D
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A02025CE
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5080697C
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AABCC5A7
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:65AB2A58
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
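As an added example (not code from the thread, and not part of OTL): the fix script above removes seven alternate data streams on C:\ProgramData\TEMP and a MountPoints2 AutoRun handler for a removable volume. The PowerShell below enumerates both artifact classes so they can be inspected before the fix and re-checked after the reboot. It assumes PowerShell 3.0 or later (Windows 7 ships 2.0, which lacks Get-Item -Stream), takes the path from the log as its default, and the function names are the example's own.

```powershell
# Added example, not from the thread or from OTL: enumerate the two artifact
# classes the OTL fix removes, so they can be checked before and after a
# cleanup. Needs PowerShell 3.0+ for Get-Item -Stream. Nothing here deletes
# anything. The default path is the one from the log; any other is an assumption.
param([string]$AdsTarget = 'C:\ProgramData\TEMP')

# 1. Alternate data streams. An NTFS file's content lives in the unnamed
#    ':$DATA' stream; any other stream name is an ADS. Explorer, dir and many
#    scanners ignore them, which is why droppers and adware park data there.
function Get-NamedStreams {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $name = $_.Stream
            [pscustomobject]@{
                Path   = $Path
                Stream = $name
                Bytes  = $_.Length
                # The log's streams were 122-147 bytes; small ones are worth
                # reading inline, larger or binary ones should be hashed instead.
                Text   = if ($_.Length -le 512) {
                             Get-Content -LiteralPath $Path -Stream $name -Raw -ErrorAction SilentlyContinue
                         } else { '<large>' }
            }
        }
}

# 2. MountPoints2 AutoRun handlers. Explorer keeps one subkey per volume GUID
#    under HKCU; the default value of Shell\AutoRun\command is what runs when
#    that volume is opened from Explorer. A vendor backup launcher (the WD
#    SmartWare entry in the log) and a worm's autorun payload look identical
#    here, so the target is checked on disk and its Authenticode status shown.
function Get-MountPointAutoRuns {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$root\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            # The command in this log is a bare path. A quoted or argument-bearing
            # command would need tokenising before the executable can be checked.
            $exists = [bool]$cmd -and (Test-Path -LiteralPath $cmd)
            [pscustomobject]@{
                Volume    = $_.PSChildName
                Command   = $cmd
                OnDisk    = $exists
                Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $cmd).Status } else { 'n/a' }
            }
        }
    }
}

Get-NamedStreams -Path $AdsTarget | Format-Table -AutoSize
Get-MountPointAutoRuns | Format-Table -AutoSize
```

Run it once before the OTL fix to see what is there, and again after the reboot: the stream list for TEMP should come back empty. For the MountPoints2 rows, the signature status on the command's target is what separates a vendor launcher on a removable drive from a dropper that merely looks like one.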
     
  14. 2010/11/05
    Action Hero (Inactive Thread Starter)
    New OTL log

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
    File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
    File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6b4049-0e87-11df-a382-002511678173}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6b4049-0e87-11df-a382-002511678173}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6b4049-0e87-11df-a382-002511678173}\ not found.
    File move failed. L:\WD SmartWare.exe scheduled to be moved on reboot.
    C:\Windows\LMI8EF6.tmp\LMIRhook.000.dll deleted successfully.
    C:\Windows\LMI8EF6.tmp\lmi_rescue.exe deleted successfully.
    C:\Windows\LMI8EF6.tmp\LMI_Rescue_srv.exe deleted successfully.
    C:\Windows\LMI8EF6.tmp\rahook.dll deleted successfully.
    C:\Windows\LMI8EF6.tmp\rarcc.dll deleted successfully.
    C:\Windows\LMI8EF6.tmp\rescue.log deleted successfully.
    C:\Windows\LMI8EF6.tmp folder deleted successfully.
    C:\ProgramData\SPL20F7.tmp deleted successfully.
    C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Gerry.job moved successfully.
    ADS C:\ProgramData\TEMP:FAB64002 deleted successfully.
    ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
    ADS C:\ProgramData\TEMP:E411AA0D deleted successfully.
    ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
    ADS C:\ProgramData\TEMP:5080697C deleted successfully.
    ADS C:\ProgramData\TEMP:AABCC5A7 deleted successfully.
    ADS C:\ProgramData\TEMP:65AB2A58 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Gerry
    ->Temp folder emptied: 95132637 bytes
    ->Temporary Internet Files folder emptied: 179101794 bytes
    ->Java cache emptied: 1353263 bytes
    ->Flash cache emptied: 35960 bytes

    User: Lisa
    ->Temp folder emptied: 13489868 bytes
    ->Temporary Internet Files folder emptied: 108728490 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 12103 bytes

    User: Lynne
    ->Temp folder emptied: 25196227 bytes
    ->Temporary Internet Files folder emptied: 65905575 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 7558 bytes

    User: Public

    User: SYSTEM

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19483886 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
    RecycleBin emptied: 27816792 bytes

    Total Files Cleaned = 512.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Gerry
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Lynne
    ->Flash cache emptied: 0 bytes

    User: Public

    User: SYSTEM

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.2 log created on 11052010_210621

    Files\Folders moved on Reboot...
    File move failed. L:\WD SmartWare.exe scheduled to be moved on reboot.
    File\Folder C:\Users\Gerry\AppData\Local\Temp\Low\hsperfdata_Gerry\5376 not found!
    C:\Users\Gerry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF2DFDEBA27FF69E48.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF33CB39F2DC66E000.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF4FA37E998E7B48C2.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF72FC42D9D7352CE2.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF7D7A99D19093F508.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DF85983F2954B60DBB.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFA2AB004CDBB7815A.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFA2B932402B1A97BC.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFA8C5C0A4FBF25F3C.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFA970563BDF8F1BF2.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFB2B4BB7E0AB12192.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFC1F7815F130B53E3.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFC34BA98FD3EC1BB7.TMP not found!
    File\Folder C:\Users\Gerry\AppData\Local\Temp\~DFC7672DD7E06E134E.TMP not found!
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NE1UZ3OD\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NE1UZ3OD\96006-active-google-redirect-virus[1].html moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G2950LB9\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G2950LB9\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F3CLMJ2E\adsCA12NX5L.htm moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F3CLMJ2E\iframescript[3].htm moved successfully.
    C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F3CLMJ2E\iframes_api_loader[1].html moved successfully.
    File\Folder C:\Windows\temp\mcmsc_1v8DO2NtJ6Xvhxf not found!
    File\Folder C:\Windows\temp\mcmsc_8GcQb04qrAhtTK4 not found!

    Registry entries deleted on Reboot...
     
  15. 2010/11/05
    Action Hero (Inactive Thread Starter)
    No ESET Log - no threats found.
     
  16. 2010/11/05
    broni (Moderator, Malware Analyst)
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete those now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
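An added example, not code from the thread or from OTL, for step 1 above. OTL's internals are not shown on the page, so the assumption here is that [CLEARALLRESTOREPOINTS] does what the step describes: discard every old restore point (each of which may still hold the infected files) and leave one fresh point taken from the cleaned system. The PowerShell below does the same with the stock Windows PowerShell System Restore cmdlets; it must run in an elevated prompt, and the drive letter, description and function name are the example's own.

```powershell
# Added example, not from the thread or from OTL. Native equivalent of the
# "reset System Restore" step: drop all old restore points, then take one
# clean one. Run elevated, on the machine, only after it is verified clean.
function Reset-RestorePoints {
    param(
        [string]$Drive       = 'C:\',                                   # assumption
        [string]$Description = 'Clean baseline after malware removal'   # assumption
    )
    # Once the old points are gone there is nothing to roll back to if the
    # cleanup itself broke something, so this is the last step, not the first.
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)

    # Turning System Protection off for a drive deletes every restore point on
    # it (the same thing the System Protection dialog warns about); turning it
    # back on starts from an empty set.
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive

    # MODIFY_SETTINGS is one of the fixed restore-point types Windows accepts.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        PointsBefore = $before.Count
        PointsAfter  = $after.Count    # expect exactly 1; anything else needs a look
        Newest       = ($after | Sort-Object SequenceNumber | Select-Object -Last 1).Description
    }
}

Reset-RestorePoints
```

PointsAfter should be 1 and Newest should carry the description given. If Checkpoint-Computer returns without creating a point, the session is usually not elevated or System Protection is off for the drive; fix that before trusting the result.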
     
  17. 2010/11/06
    Action Hero (Inactive Thread Starter)
    When I tried to run the security check, it wouldn't let me do it, so I never got to run it.
    I haven't, as yet, run TFC. But now I have another issue since I ran the scan. I can't read any of my e-mails. The e-mails come in, but in my reader side, where you generally read the e-mail, the cursor just runs like it's trying to open it to read but never does. I've checked my control panel and nothing seems to be out of whack. But obviously, something is. So.... now what?
     
  18. 2010/11/06
    broni (Moderator, Malware Analyst)
    Right click, "Run As Administrator".

    What email program are you having problem with?
     
  19. 2010/11/06
    Action Hero (Inactive Thread Starter)
    Windows Live Mail. I have both my home e-mail acct from my internet provider acct coming in as well as my work e-mail. Both were working fine.
     
  20. 2010/11/06
    broni (Moderator, Malware Analyst)
    I don't really see anything in the OTL script which would break your email program, but sometimes, over the course of a cleaning process, some features may get messed up.
    I'm not familiar with Windows Mail, so I suggest we finish our cleaning process and then you create a new topic in the appropriate forum regarding your mail issues.
     
  21. 2010/11/06
    Action Hero (Inactive Thread Starter)
    I can't even download the security check to my desktop as it's coming up as a Trojan and the system won't let me even download it. But I'm going to go ahead and finish the clean up from your last reply.
     
