
Solved Search Engine hijacked

Discussion in 'Malware and Virus Removal Archive' started by EMB, 2010/07/03.

  1. 2010/07/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, no problem :)
     
  2. 2010/07/08
    EMB

    EMB Inactive Thread Starter

    Joined:
    2010/07/03
    Messages:
    19
    Likes Received:
    0
    New GMER

    Sorry, this took literally hours to run, and then, after I copied it but before I could post it, my computer crashed with a blue screen (it has just started doing that in the last few days), so I had to run it again.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-08 17:45:44
    Windows 5.1.2600 Service Pack 3
    Running: GMER.exe; Driver: C:\DOCUME~1\Mom\LOCALS~1\Temp\awtdypog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6773F80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Documents and Settings\Mom\Desktop\GMER.exe[196] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[1152] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\Explorer.EXE[2468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 027F0001
    .text C:\WINDOWS\Explorer.EXE[2468] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\Explorer.EXE[2468] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2468] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{B4FCDE79-9CD1-1EAA-C601-9A5655F73423}\InprocServer32@ activeds.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{B4FCDE79-9CD1-1EAA-C601-9A5655F73423}\InprocServer32@ThreadingModel Both
    Reg HKLM\SOFTWARE\Classes\CLSID\{B4FCDE79-9CD1-1EAA-C601-9A5655F73423}\ProgID@ Pathname
    Reg HKLM\SOFTWARE\Classes\CLSID\{B4FCDE79-9CD1-1EAA-C601-9A5655F73423}\TypeLib@ {97d25db0-0363-11cf-abc4-02608c9e7553}
    Reg HKLM\SOFTWARE\Classes\CLSID\{B4FCDE79-9CD1-1EAA-C601-9A5655F73423}\Version@ 0.0
     
    EMB,
    #22


  4. 2010/07/08
    broni

    broni Moderator Malware Analyst

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
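An added example for the log-reading step that follows the instructions above; it is not part of OTL (OldTimer's tool) and not part of the procedure broni posted. It is a small Python triage helper that parses the PRC (process) and SRV (Win32 service) lines of an OTL.txt and flags the three things an analyst checks first in those sections: executables running out of temp or browser-cache folders, entries with an empty company name (no version information in the file), and services whose binary is missing. The line layout and the sample lines are taken from the OTL log posted later in this thread; the regular expressions and the folder list are this example's own assumptions, not an OTL specification.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes as they appear in the posted OTL.txt (regexes are this example's own):
#   PRC - [date | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV - [date | size | attrs | M] (Company) [Start | State] -- C:\path -- (ServiceName)
#   SRV - File not found [Start | State] -- -- (ServiceName)
PRC_RE = re.compile(
    r"^PRC - \[(?P<date>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>.*?)\)\s*--\s*(?P<path>.+?)\s*$"
)
SRV_RE = re.compile(
    r"^SRV - (?:File not found|\[[^\]]*\]\s*\((?P<company>.*?)\))\s*"
    r"\[(?P<start>[^|\]]+)\|\s*(?P<state>[^\]]+)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)\s*$"
)

# Folders a legitimate long-running process or service is not expected to live in
# (assumed heuristic list; matched case-insensitively against the full path).
SUSPICIOUS_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


@dataclass
class Finding:
    kind: str           # "PRC" (process) or "SRV" (Win32 service)
    subject: str        # file path, or the service name when no file is present
    reasons: List[str]  # why the entry deserves a second look


def in_suspicious_dir(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in SUSPICIOUS_DIRS)


def triage_process(line: str) -> Optional[Finding]:
    """Flag a PRC line that runs from a temp/cache folder or carries no company name."""
    m = PRC_RE.match(line)
    if not m:
        return None
    reasons = []
    if in_suspicious_dir(m["path"]):
        reasons.append("executable runs from a temp/browser-cache folder")
    if not m["company"].strip():
        reasons.append("no company/version info in the file")
    return Finding("PRC", m["path"], reasons) if reasons else None


def triage_service(line: str) -> Optional[Finding]:
    """Flag an SRV line whose binary is missing, sits in a temp folder, or is anonymous."""
    m = SRV_RE.match(line)
    if not m:
        return None
    reasons = []
    path, name = m["path"], m["name"]
    if not path:
        reasons.append("service registered but its binary is missing (orphaned registration)")
    elif in_suspicious_dir(path):
        reasons.append("service binary in a temp/browser-cache folder")
    company = m["company"]          # None for the "File not found" form
    if company is not None and not company.strip():
        reasons.append("no company/version info in the file")
    return Finding("SRV", path or name, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Walk an OTL log and return the PRC/SRV entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("PRC - "):
            found = triage_process(line)
        elif line.startswith("SRV - "):
            found = triage_service(line)
        else:
            continue
        if found:
            findings.append(found)
    return findings


# Sample input: lines copied from the OTL.txt posted in this thread, used here as test data.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2010/07/08 18:46:27 | 001,191,424 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\temp\is-827MA.tmp\asc-setup-aff[1].tmp
PRC - [2010/07/08 18:46:26 | 007,848,368 | ---- | M] (IObit ) -- C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\X3RYE7OL\asc-setup-aff[1].exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RapportMgmtService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2003/03/03 16:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind}  {f.subject}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

Run it as-is and it lists three entries from the sample: the installer stub running out of Local Settings\temp with an empty company field, the second copy running from the IE cache, and the RapportMgmtService registration whose binary is gone. Everything else (OTL.exe on the Desktop, cmd.exe, the IObit and Intel services) passes silently. A hit is a prompt to look closer, not a verdict; an unsigned helper in a temp folder can be a legitimate installer mid-run, which is exactly why these logs are read by a person rather than acted on automatically.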
     
  5. 2010/07/09
    EMB

    EMB Inactive Thread Starter

    First Log

    OTL logfile created on: 7/9/2010 7:59:07 AM - Run 1
    OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Mom\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 689.00 Mb Available Physical Memory | 67.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 16.62 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MSHOME
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    PRC - [2010/07/08 18:46:27 | 001,191,424 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\temp\is-827MA.tmp\asc-setup-aff[1].tmp
    PRC - [2010/07/08 18:46:26 | 007,848,368 | ---- | M] (IObit ) -- C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\X3RYE7OL\asc-setup-aff[1].exe
    PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/07/02 12:58:52 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    PRC - [2010/06/12 14:58:30 | 003,431,256 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2010/05/26 13:06:16 | 000,427,728 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\temp\is-3UQPT.tmp\Aup.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/30 18:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/03/30 18:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2008/12/12 21:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/08/28 20:01:14 | 000,238,872 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
    PRC - [2008/04/13 20:12:29 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net1.exe
    PRC - [2008/04/13 20:12:29 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    MOD - [2010/06/11 16:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RapportMgmtService)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/03/30 18:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/12/12 21:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/08/28 20:01:14 | 000,238,872 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
    SRV - [2003/03/03 16:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2009/07/31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2009/05/09 03:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/12/12 21:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 21:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/08/21 09:38:10 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2007/11/02 20:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/03/05 15:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/04/15 23:58:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/05/08 19:23:37 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/03 05:57:42 | 000,335,252 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 11489 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/31 21:54:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/09 07:58:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    [2010/07/09 07:57:27 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/04 18:57:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/04 18:54:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/04 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/07/04 17:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/07/03 05:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/30 09:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
    [2010/06/27 20:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Enki Games
    [2010/06/27 20:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/27 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\BigFish
    [2010/06/27 00:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\PopCapv1000
    [2010/06/25 20:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Digital Support
    [2010/06/08 19:48:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/08 19:48:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/08 19:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/03 19:50:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/06/03 19:50:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2010/06/03 19:49:39 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2010/05/25 18:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Temp
    [2010/05/25 18:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google
    [2010/05/25 18:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Deployment
    [2010/05/21 23:11:00 | 000,000,000 | ---D | C] -- C:\a74c57edab6d7ba39fddfebb4eaa553b
    [2010/05/21 23:07:53 | 000,000,000 | ---D | C] -- C:\b2e0491aa68e451a1be69c
    [2010/05/21 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/05/21 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/05/21 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/05/21 22:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/05/21 22:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010/05/21 22:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft Help
    [2010/05/21 22:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/05/21 22:48:53 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/05/21 22:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/05/21 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo
    [2010/05/19 16:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Events
    [2010/05/19 16:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/05/15 19:40:37 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_071102.dll
    [2010/05/09 18:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/05/09 10:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\ArcSoft
    [2010/05/09 10:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\ArcSoft
    [2010/05/08 12:12:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent
    [2010/05/08 11:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
    [2010/05/08 08:41:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/05/08 01:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Windows Live Writer
    [2010/05/08 00:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Innovative Solutions
    [2010/05/08 00:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\AdvUninstal
    [2010/05/08 00:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
    [2010/05/08 00:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/05/05 13:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Sun
    [2010/05/04 16:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
    [2010/05/04 16:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Avanquest
    [2010/05/02 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\EA
    [2010/04/29 22:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
    [2010/04/20 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Personal
    [2010/04/15 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Downloads
    [2010/04/13 21:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Threat Expert
    [2010/04/13 20:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\FixCleaner
    [2010/04/13 19:26:53 | 000,000,000 | ---D | C] -- C:\887651dc9232d51d74
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/09 08:00:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{16C4A0D6-9F78-41A8-9EF6-6FD64A3BB799}.job
    [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    [2010/07/09 07:57:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64723102-B970-42F0-B2B1-907D4C6AF869}.job
    [2010/07/09 07:57:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job
    [2010/07/09 07:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/09 07:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/07/08 21:08:30 | 003,772,508 | -H-- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\IconCache.db
    [2010/07/08 19:56:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/08 19:41:26 | 000,000,000 | ---- | M] () -- C:\user.js
    [2010/07/08 19:32:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/07/08 19:32:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/07/08 19:27:14 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to Toolbox.lnk
    [2010/07/08 18:34:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/08 18:34:15 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
    [2010/07/08 18:34:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/08 18:34:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/08 18:33:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Mom\NTUSER.DAT
    [2010/07/08 18:33:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mom\ntuser.ini
    [2010/07/08 17:34:37 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\GMER.exe
    [2010/07/07 06:08:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/05 11:48:50 | 1510,367,528 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\My Music.zip
    [2010/07/05 11:42:57 | 011,244,833 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\Personal[1].zip
    [2010/07/05 08:39:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Excel.lnk
    [2010/07/04 18:57:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/04 17:40:55 | 003,726,308 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\ComboFix.exe
    [2010/07/03 05:57:42 | 000,335,252 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/30 18:20:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/06/27 13:06:11 | 000,000,084 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/06/24 20:03:12 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
    [2010/06/24 19:46:13 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2010/06/24 03:03:32 | 000,534,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 03:03:32 | 000,464,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 03:03:32 | 000,079,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/22 07:26:49 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Outlook.lnk
    [2010/06/17 22:27:40 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Word.lnk
    [2010/06/17 17:41:05 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/17 17:41:05 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\IObit Freeware.url
    [2010/06/12 03:39:17 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/12 03:22:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/08 19:49:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 22:33:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/06/05 22:32:59 | 000,000,856 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/27 22:59:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/22 20:50:19 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/05/22 20:42:39 | 000,076,032 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/22 19:52:34 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Publisher.lnk
    [2010/05/22 19:51:29 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Access.lnk
    [2010/05/22 19:51:09 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\E-mail.lnk
    [2010/05/15 19:59:22 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 11:30:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/28 09:59:36 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
    [2010/04/15 19:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/08 19:41:26 | 000,000,000 | ---- | C] () -- C:\user.js
    [2010/07/08 19:27:14 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to Toolbox.lnk
    [2010/07/08 17:34:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\GMER.exe
    [2010/07/05 11:43:58 | 1510,367,528 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\My Music.zip
    [2010/07/05 11:42:48 | 011,244,833 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\Personal[1].zip
    [2010/07/04 21:41:11 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/07/04 18:57:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/04 18:57:06 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/04 17:40:50 | 003,726,308 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\ComboFix.exe
    [2010/06/30 18:20:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/06/24 20:03:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
    [2010/06/24 19:46:13 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2010/06/17 17:41:05 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/17 17:41:05 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\IObit Freeware.url
    [2010/06/08 19:49:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/22 20:50:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/05/22 19:52:43 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Word.lnk
    [2010/05/22 19:52:34 | 000,002,517 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Publisher.lnk
    [2010/05/22 19:51:44 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Outlook.lnk
    [2010/05/22 19:51:37 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Excel.lnk
    [2010/05/22 19:51:29 | 000,002,549 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Access.lnk
    [2010/05/22 19:51:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\E-mail.lnk
    [2010/05/15 19:59:22 | 000,304,160 | ---- | C] () -- C:\PA207.DAT
    [2010/05/14 17:40:47 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job
    [2010/05/13 03:01:13 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/05/08 12:12:47 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/04/28 09:59:36 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
    [2010/04/15 19:51:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/29 12:50:58 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
    [2010/03/29 12:50:58 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/10/31 22:15:35 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/02/09 08:15:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
    [2004/04/19 03:00:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
    [1997/07/11 03:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 03:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 03:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/05/06 20:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/07/04 18:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/06/03 19:50:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/03/08 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2010/01/12 00:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2010/06/05 22:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/05/08 00:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/02/12 16:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2010/05/08 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2009/02/05 01:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
    [2010/01/13 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/03/01 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
    [2010/03/08 21:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/01/14 21:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/05/08 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2010/05/08 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
    [2010/03/05 08:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/06/27 00:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/08/21 22:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2010/05/09 18:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/06/27 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/13 01:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2009/08/13 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2010/05/04 17:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avanquest
    [2010/05/08 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Bytemobile
    [2010/07/08 18:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Digital Support
    [2010/03/08 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DriverCure
    [2010/05/02 22:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\EA
    [2010/06/27 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Enki Games
    [2010/03/06 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Eyeblaster
    [2010/04/13 20:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FixCleaner
    [2010/05/21 23:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo
    [2010/06/24 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IObit
    [2010/03/06 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iWin
    [2010/03/09 22:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Merscom
    [2010/04/29 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
    [2010/07/08 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pharaohs Secret
    [2010/06/27 00:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PopCapv1000
    [2010/03/21 21:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Skunk Studios
    [2010/03/13 02:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TheFixerUpper
    [2010/03/13 01:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Trusteer
    [2010/05/08 13:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Windows Search
    [2010/07/08 18:34:15 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
    [2010/07/09 08:00:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{16C4A0D6-9F78-41A8-9EF6-6FD64A3BB799}.job
    [2010/07/09 07:57:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{64723102-B970-42F0-B2B1-907D4C6AF869}.job
    [2010/07/09 07:57:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/10/31 21:54:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/05 22:33:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/04 18:57:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/07 06:11:11 | 000,015,006 | ---- | M] () -- C:\ComboFix.txt
    [2008/10/31 21:54:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/05/18 12:51:19 | 000,018,576 | ---- | M] () -- C:\drwtsn32.log
    [2008/12/30 02:53:49 | 000,005,188 | -H-- | M] () -- C:\ffastun.ffa
    [2008/12/30 02:53:47 | 000,344,064 | -H-- | M] () -- C:\ffastun.ffl
    [2008/12/30 02:53:48 | 000,159,744 | -H-- | M] () -- C:\ffastun.ffo
    [2008/12/30 02:53:47 | 001,916,928 | -H-- | M] () -- C:\ffastun0.ffx
    [2008/12/31 01:14:16 | 000,344,064 | ---- | M] () -- C:\ffastunT.ffl
    [2008/10/31 21:54:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/10/31 21:54:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/12/06 23:26:12 | 000,000,947 | ---- | M] () -- C:\net_save.dna
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/12/07 00:27:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/03/05 14:27:38 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2010/05/15 19:59:22 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
    [2010/07/08 18:33:58 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/08 19:41:26 | 000,000,000 | ---- | M] () -- C:\user.js

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/02/26 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9I.DLL
    [2008/02/25 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9I.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 16:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/10/31 03:14:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/10/31 03:14:24 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/10/31 03:14:24 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
    < End of report >
     
    EMB,
    #24
  6. 2010/07/09
    EMB

    EMB Inactive Thread Starter

    Joined:
    2010/07/03
    Messages:
    19
    Likes Received:
    0
    Second Log

    OTL Extras logfile created on: 7/9/2010 7:59:07 AM - Run 1
    OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Mom\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 689.00 Mb Available Physical Memory | 67.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 16.62 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MSHOME
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "3521:TCP" = 3521:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "3526:TCP" = 3526:TCP:*:Enabled:Services
    "5552:TCP" = 5552:TCP:*:Enabled:Services
    "4897:TCP" = 4897:TCP:*:Enabled:Services
    "8294:TCP" = 8294:TCP:*:Enabled:Services
    "2564:TCP" = 2564:TCP:*:Enabled:Services
    "4644:TCP" = 4644:TCP:*:Enabled:Services
    "7788:TCP" = 7788:TCP:*:Enabled:Services
    "3847:TCP" = 3847:TCP:*:Enabled:Services
    "6194:TCP" = 6194:TCP:*:Enabled:Services
    "6177:TCP" = 6177:TCP:*:Enabled:Services
    "6178:TCP" = 6178:TCP:*:Enabled:Services
    "8040:TCP" = 8040:TCP:*:Enabled:Services
    "8041:TCP" = 8041:TCP:*:Enabled:Services
    "5522:TCP" = 5522:TCP:*:Enabled:Services
    "9544:TCP" = 9544:TCP:*:Enabled:Services
    "7068:TCP" = 7068:TCP:*:Enabled:Services
    "7069:TCP" = 7069:TCP:*:Enabled:Services
    "3554:TCP" = 3554:TCP:*:Enabled:Services
    "5608:TCP" = 5608:TCP:*:Enabled:Services
    "1587:TCP" = 1587:TCP:*:Enabled:Services
    "1674:TCP" = 1674:TCP:*:Enabled:Services
    "8599:TCP" = 8599:TCP:*:Enabled:Services
    "8600:TCP" = 8600:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "3521:TCP" = 3521:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "3526:TCP" = 3526:TCP:*:Enabled:Services
    "5552:TCP" = 5552:TCP:*:Enabled:Services
    "4897:TCP" = 4897:TCP:*:Enabled:Services
    "8294:TCP" = 8294:TCP:*:Enabled:Services
    "4644:TCP" = 4644:TCP:*:Enabled:Services
    "7788:TCP" = 7788:TCP:*:Enabled:Services
    "3847:TCP" = 3847:TCP:*:Enabled:Services
    "6194:TCP" = 6194:TCP:*:Enabled:Services
    "6177:TCP" = 6177:TCP:*:Enabled:Services
    "6178:TCP" = 6178:TCP:*:Enabled:Services
    "8041:TCP" = 8041:TCP:*:Enabled:Services
    "8040:TCP" = 8040:TCP:*:Enabled:Services
    "5522:TCP" = 5522:TCP:*:Enabled:Services
    "9544:TCP" = 9544:TCP:*:Enabled:Services
    "7068:TCP" = 7068:TCP:*:Enabled:Services
    "7069:TCP" = 7069:TCP:*:Enabled:Services
    "3554:TCP" = 3554:TCP:*:Enabled:Services
    "5608:TCP" = 5608:TCP:*:Enabled:Services
    "1587:TCP" = 1587:TCP:*:Enabled:Services
    "1674:TCP" = 1674:TCP:*:Enabled:Services
    "8599:TCP" = 8599:TCP:*:Enabled:Services
    "8600:TCP" = 8600:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- File not found
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\NETGEAR\WG111v3\WG111v3.exe" = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe:*:Enabled:NETGEAR WG111v3 Smart Wizard -- ()
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06B8DAD8-2809-475E-BA9D-C34479A0D58A}" = Dell TrueMobile 2300 Control Utility
    "{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1E26327C-5168-43B3-BEC1-4E3AA945C711}" = QuickConnect
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B1A4366-8DFA-4582-91F6-27F7A4714FCC}" = Pure Networks Platform
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5CDEC102-451E-4D1D-A091-9D93F41532F5}" = Dell Client Configuration Utility - Powered by Altiris
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
    "{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
    "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}" = Memory Key Boot Utility
    "{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
    "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "bejeweled2deluxe" = Bejeweled 2 Deluxe
    "bewitched" = Bewitched
    "bricksofcamelot" = Bricks of Camelot
    "bubblefishbob" = Bubblefish Bob
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "dinerdash" = Diner Dash
    "feedingfrenzy" = Feeding Frenzy
    "Google Updater" = Google Updater
    "ie8" = Windows Internet Explorer 8
    "IObit Security 360_is1" = IObit Security 360
    "luxor" = Luxor
    "luxor2" = Luxor 2
    "luxoramunrising" = Luxor - Amun Rising
    "mahjongquest" = Mah Jong Quest
    "mahjongtheendlessjourney" = Mahjong The Endless Journey
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mysterypitmthenewyorkfortune" = Mystery P.I.(TM) - The New York Fortune
    "Network MagicUninstall" = Network Magic
    "pharaohssecret" = Pharaoh's Secret
    "phlinxtogo" = Phlinx To Go
    "PROR" = Microsoft Office Professional 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "sallysspa" = Sally's Spa
    "shapeshifter" = Shape Shifter
    "Smart Defrag_is1" = Smart Defrag
    "waterbugs" = Water Bugs
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Player" = Windows Media Player 11

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/4/2010 10:16:36 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 7/4/2010 10:36:13 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004942.

    Error - 7/5/2010 6:53:39 AM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x020b0183.

    Error - 7/5/2010 8:28:45 AM | Computer Name = MSHOME | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 7/5/2010 8:45:46 AM | Computer Name = MSHOME | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 7/5/2010 2:21:06 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00700074.

    Error - 7/7/2010 6:13:48 AM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 7/7/2010 8:22:35 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00700074.

    Error - 7/8/2010 5:34:43 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 7/8/2010 5:46:38 PM | Computer Name = MSHOME | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    [ System Events ]
    Error - 7/8/2010 6:09:52 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 7/8/2010 6:09:52 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7000
    Description = The Rapport Management Service service failed to start due to the
    following error: %%3

    Error - 7/8/2010 6:09:52 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7001
    Description = The Windows Media Player Network Sharing Service service depends on
    the Universal Plug and Play Device Host service which failed to start because of
    the following error: %%1058

    Error - 7/8/2010 6:10:02 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error - 7/8/2010 6:34:06 PM | Computer Name = MSHOME | Source = Print | ID = 23
    Description = Printer Microsoft XPS Document Writer failed to initialize because
    a suitable Microsoft XPS Document Writer driver could not be found.

    Error - 7/8/2010 6:34:06 PM | Computer Name = MSHOME | Source = Print | ID = 23
    Description = Printer TinyPDF failed to initialize because a suitable TinyPDF driver
    could not be found.

    Error - 7/8/2010 6:34:07 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 7/8/2010 6:34:07 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7000
    Description = The Rapport Management Service service failed to start due to the
    following error: %%3

    Error - 7/8/2010 6:34:07 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7001
    Description = The Windows Media Player Network Sharing Service service depends on
    the Universal Plug and Play Device Host service which failed to start because of
    the following error: %%1058

    Error - 7/8/2010 6:34:38 PM | Computer Name = MSHOME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SBRE


    < End of report >
     
    EMB,
    #25
  7. 2010/07/09
    broni

    I forgot to ask, how is the redirection issue?

    Is there any reason your system restore is disabled, or are you not aware of it?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/07/08 18:46:27 | 001,191,424 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\temp\is-827MA.tmp\asc-setup-aff[1].tmp
      PRC - [2010/07/08 18:46:26 | 007,848,368 | ---- | M] (IObit ) -- C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\X3RYE7OL\asc-setup-aff[1].exe
      PRC - [2010/05/26 13:06:16 | 000,427,728 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\temp\is-3UQPT.tmp\Aup.exe
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Value error.)
      [2010/07/04 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2010/07/04 17:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Mom\Local Settings\temp\is-827MA.tmp\asc-setup-aff[1].tmp
      C:\Documents and Settings\Mom\Local Settings\temp\is-3UQPT.tmp\Aup.exe
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
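
    The OTL script above removes two kinds of leftovers that are easy to verify by hand: BHO and toolbar CLSIDs that no longer resolve to a DLL ("No CLSID value found") and an alternate data stream hanging off the All Users\Application Data\TEMP folder. The following PowerShell is an added check written for this page; it is not part of the thread, of OTL, or of any vendor tool. It assumes PowerShell 3.0 or later (for `Get-Item -Stream` and `[pscustomobject]`), so it will not run on the XP machine in this thread as-is; the folder path is the one quoted in the fix and is hard-coded as an assumption.

```powershell
# Added example, not from the thread or from OTL.
# 1) Walk every registered Browser Helper Object and resolve its CLSID to the
#    InprocServer32 DLL; report orphans (no CLSID key) and missing DLLs.
# 2) List named alternate data streams on a folder (the OTL line
#    "@Alternate Data Stream - 134 bytes -> ...\TEMP:6017A808" is one of these).
# Requires PowerShell 3.0+ (Get-Item -Stream, [pscustomobject]).

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @('HKCR:\CLSID', 'HKCR:\Wow6432Node\CLSID')

# HKCR: is not a default PowerShell drive; map it once so Test-Path works on it.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

function Get-BhoStatus {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid = $key.PSChildName
            $dll   = $null
            # A BHO entry is just a CLSID; the DLL lives under HKCR\CLSID\{...}\InprocServer32.
            foreach ($cr in $clsidRoots) {
                $inproc = Join-Path $cr "$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    $dll = (Get-ItemProperty $inproc).'(default)'
                    if ($dll) { break }
                }
            }
            $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
            $status = if (-not $dll)                    { 'ORPHAN: no CLSID registration' }
                      elseif (-not (Test-Path $expanded)) { "MISSING DLL: $expanded" }
                      else                               { "OK: $expanded" }
            [pscustomobject]@{ Hive = $root.Split(':')[0]; CLSID = $clsid; Status = $status }
        }
    }
}

function Get-FolderStreams {
    param([string]$Path)
    # The unnamed ':$DATA' stream is the file's normal content; anything else is an ADS.
    Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Get-BhoStatus | Format-Table -AutoSize
# Path as quoted in the OTL fix above (XP layout); on Vista and later the
# equivalent folder is under C:\ProgramData. Assumed for illustration.
Get-FolderStreams -Path 'C:\Documents and Settings\All Users\Application Data\TEMP'
```

    Entries reported as ORPHAN correspond to the "No CLSID value found" O2/O3 lines OTL flags; an entry whose DLL is MISSING is the same condition one step later. On a machine without PowerShell 3.0, Sysinternals `streams.exe` lists the same alternate data streams, and it can delete them with `-d`.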
     
  8. 2010/07/09
    EMB

    Thanks

    I was unaware that system restore was disabled. I'll have to find out where that happened and reset it. Thanks for letting me know. I'm getting ready to run the new OTL now.

    Redirect is no longer happening, but every time I close a tab now my browser gives me an error message saying "Internet Explorer has encountered an error and needs to close." Then, when I reopen the browser, it says that it crashed last time and asks if I want to restore or go to my homepage.
     
    EMB,
    #27
  9. 2010/07/09
    broni

    Remind me about the IE issue when I declare your computer clean.
     
  10. 2010/07/09
    EMB

    New OTL scan

    OTL logfile created on: 7/9/2010 10:22:14 PM - Run 2
    OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\Mom\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 63.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 512 1024

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 16.59 Gb Free Space | 44.55% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MSHOME
    Current User Name: Mom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/06/17 02:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/30 18:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/03/30 18:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2008/12/12 21:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 21:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/08/28 20:01:14 | 000,238,872 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
    PRC - [2008/07/01 11:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    PRC - [2008/06/10 15:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/04 19:38:58 | 000,437,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    MOD - [2010/06/11 16:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RapportMgmtService)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/05/19 13:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/03/30 18:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2008/12/12 21:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/08/28 20:01:14 | 000,238,872 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
    SRV - [2003/03/03 16:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2009/07/31 07:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2009/05/09 03:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/12/12 21:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 21:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/08/21 09:38:10 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2007/11/02 20:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
    DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/03/05 15:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/04/15 23:58:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/05/08 19:23:37 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/07/03 05:57:42 | 000,335,252 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 11489 more lines...
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/31 21:54:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/09 22:19:30 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/09 07:58:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    [2010/07/09 07:57:27 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/04 18:57:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/04 18:54:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/03 05:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/06/30 09:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
    [2010/06/27 20:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Enki Games
    [2010/06/27 20:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/27 20:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\BigFish
    [2010/06/27 00:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\PopCapv1000
    [2010/06/25 20:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Digital Support
    [2010/06/08 19:48:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/08 19:48:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/08 19:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/06/03 19:50:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/06/03 19:50:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2010/06/03 19:49:39 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2010/05/25 18:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Temp
    [2010/05/25 18:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google
    [2010/05/25 18:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Deployment
    [2010/05/21 23:11:00 | 000,000,000 | ---D | C] -- C:\a74c57edab6d7ba39fddfebb4eaa553b
    [2010/05/21 23:07:53 | 000,000,000 | ---D | C] -- C:\b2e0491aa68e451a1be69c
    [2010/05/21 22:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/05/21 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/05/21 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/05/21 22:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/05/21 22:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010/05/21 22:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft Help
    [2010/05/21 22:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/05/21 22:48:53 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010/05/21 22:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/05/21 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo
    [2010/05/19 16:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Events
    [2010/05/19 16:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/05/15 19:40:37 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_071102.dll
    [2010/05/09 18:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/05/09 10:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\ArcSoft
    [2010/05/09 10:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\ArcSoft
    [2010/05/08 12:12:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent
    [2010/05/08 11:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Templates
    [2010/05/08 08:41:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/05/08 01:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Windows Live Writer
    [2010/05/08 00:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Innovative Solutions
    [2010/05/08 00:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\AdvUninstal
    [2010/05/08 00:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
    [2010/05/08 00:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/05/05 13:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Sun
    [2010/05/04 16:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BVRP Software
    [2010/05/04 16:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Avanquest
    [2010/05/02 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\EA
    [2010/04/29 22:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
    [2010/04/20 12:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Personal
    [2010/04/15 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\My Documents\Downloads
    [2010/04/13 21:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Threat Expert
    [2010/04/13 20:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\FixCleaner
    [2010/04/13 19:26:53 | 000,000,000 | ---D | C] -- C:\887651dc9232d51d74
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/09 22:22:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{64723102-B970-42F0-B2B1-907D4C6AF869}.job
    [2010/07/09 22:22:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job
    [2010/07/09 22:21:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/09 22:21:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/09 22:21:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
    [2010/07/09 22:21:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/07/09 22:20:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/09 22:20:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/09 22:20:04 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Mom\NTUSER.DAT
    [2010/07/09 22:20:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mom\ntuser.ini
    [2010/07/09 22:20:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{16C4A0D6-9F78-41A8-9EF6-6FD64A3BB799}.job
    [2010/07/09 21:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/09 07:58:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
    [2010/07/08 21:08:30 | 003,772,508 | -H-- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\IconCache.db
    [2010/07/08 19:41:26 | 000,000,000 | ---- | M] () -- C:\user.js
    [2010/07/08 19:32:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/07/08 19:32:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/07/08 19:27:14 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to Toolbox.lnk
    [2010/07/08 17:34:37 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\GMER.exe
    [2010/07/07 06:08:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/05 11:48:50 | 1510,367,528 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\My Music.zip
    [2010/07/05 11:42:57 | 011,244,833 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\Personal[1].zip
    [2010/07/05 08:39:48 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Excel.lnk
    [2010/07/04 18:57:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/04 17:40:55 | 003,726,308 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\ComboFix.exe
    [2010/07/03 05:57:42 | 000,335,252 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/30 18:20:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/06/27 13:06:11 | 000,000,084 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/06/24 20:03:12 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
    [2010/06/24 19:46:13 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2010/06/24 03:03:32 | 000,534,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 03:03:32 | 000,464,940 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 03:03:32 | 000,079,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/22 07:26:49 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Outlook.lnk
    [2010/06/17 22:27:40 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Word.lnk
    [2010/06/17 17:41:05 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/17 17:41:05 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\IObit Freeware.url
    [2010/06/12 03:39:17 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/12 03:22:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/08 19:49:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 22:33:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/06/05 22:32:59 | 000,000,856 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/27 22:59:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/05/22 20:50:19 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/05/22 20:42:39 | 000,076,032 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/22 19:52:34 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Publisher.lnk
    [2010/05/22 19:51:29 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Access.lnk
    [2010/05/22 19:51:09 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\E-mail.lnk
    [2010/05/15 19:59:22 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 11:30:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/28 09:59:36 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
    [2010/04/15 19:51:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/08 19:41:26 | 000,000,000 | ---- | C] () -- C:\user.js
    [2010/07/08 19:27:14 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to Toolbox.lnk
    [2010/07/08 17:34:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\GMER.exe
    [2010/07/05 11:43:58 | 1510,367,528 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\My Music.zip
    [2010/07/05 11:42:48 | 011,244,833 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\Personal[1].zip
    [2010/07/04 21:41:11 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/07/04 18:57:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/04 18:57:06 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/04 17:40:50 | 003,726,308 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\ComboFix.exe
    [2010/06/30 18:20:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/06/24 20:03:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
    [2010/06/24 19:46:13 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2010/06/17 17:41:05 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/06/17 17:41:05 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\IObit Freeware.url
    [2010/06/08 19:49:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/22 20:50:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/05/22 19:52:43 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Word.lnk
    [2010/05/22 19:52:34 | 000,002,517 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Publisher.lnk
    [2010/05/22 19:51:44 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Outlook.lnk
    [2010/05/22 19:51:37 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Excel.lnk
    [2010/05/22 19:51:29 | 000,002,549 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Access.lnk
    [2010/05/22 19:51:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\E-mail.lnk
    [2010/05/15 19:59:22 | 000,304,160 | ---- | C] () -- C:\PA207.DAT
    [2010/05/14 17:40:47 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job
    [2010/05/13 03:01:13 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/05/08 12:12:47 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/04/28 09:59:36 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
    [2010/04/15 19:51:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/29 12:50:58 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
    [2010/03/29 12:50:58 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/10/31 22:15:35 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/02/09 08:15:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
    [2004/04/19 03:00:00 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
    [1997/07/11 03:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1997/07/11 03:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 03:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/05/06 20:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
    [2010/06/03 19:50:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/03/08 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2010/01/12 00:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2010/06/05 22:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/05/08 00:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/02/12 16:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2010/05/08 00:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2009/02/05 01:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
    [2010/01/13 21:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/03/01 22:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
    [2010/03/08 21:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/01/14 21:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/05/08 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2010/05/08 00:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
    [2010/03/05 08:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/06/27 00:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/08/21 22:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2010/05/09 18:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/06/27 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/13 01:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2009/08/13 23:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2010/05/04 17:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avanquest
    [2010/05/08 00:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Bytemobile
    [2010/07/08 18:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Digital Support
    [2010/03/08 21:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DriverCure
    [2010/05/02 22:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\EA
    [2010/06/27 20:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Enki Games
    [2010/03/06 21:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Eyeblaster
    [2010/04/13 20:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FixCleaner
    [2010/05/21 23:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo
    [2010/06/24 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IObit
    [2010/03/06 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iWin
    [2010/03/09 22:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Merscom
    [2010/04/29 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
    [2010/07/08 20:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pharaohs Secret
    [2010/06/27 00:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PopCapv1000
    [2010/03/21 21:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Skunk Studios
    [2010/03/13 02:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TheFixerUpper
    [2010/03/13 01:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Trusteer
    [2010/05/08 13:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Windows Search
    [2010/07/09 22:21:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
    [2010/07/09 22:20:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{16C4A0D6-9F78-41A8-9EF6-6FD64A3BB799}.job
    [2010/07/09 22:22:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{64723102-B970-42F0-B2B1-907D4C6AF869}.job
    [2010/07/09 22:22:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EFDDE715-A7F7-44F2-9EF4-17D3F8D66D2C}.job

    ========== Purity Check ==========


    < End of report >
     
    EMB,
    #29
  11. 2010/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You forgot:
     
  12. 2010/07/09
    EMB

    EMB Inactive Thread Starter

    Joined:
    2010/07/03
    Messages:
    19
    Likes Received:
    0
    Fix results

    Ooops, sorry.

    Ran the fix again, here are the results.

    All processes killed
    ========== OTL ==========
    No active process named asc-setup-aff[1].tmp was found!
    No active process named asc-setup-aff[1].exe was found!
    No active process named Aup.exe was found!
    Error: No service named catchme was found to stop!
    Service\Driver key catchme not found.
    File C:\DOCUME~1\Mom\LOCALS~1\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Folder C:\Program Files\AVG\ not found.
    Folder C:\Documents and Settings\All Users\Application Data\avg9\ not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6017A808 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Documents and Settings\Mom\Local Settings\temp\is-827MA.tmp\asc-setup-aff[1].tmp not found.
    File\Folder C:\Documents and Settings\Mom\Local Settings\temp\is-3UQPT.tmp\Aup.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Admin_Backup

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HelpAssistant
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 145984761 bytes
    ->Java cache emptied: 1011936 bytes
    ->Google Chrome cache emptied: 16375063 bytes
    ->Flash cache emptied: 13057 bytes

    User: Lawrence.MSHOME
    ->Temp folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Mom
    ->Temp folder emptied: 184164 bytes
    ->Temporary Internet Files folder emptied: 5990560 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 611 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Talaina

    User: TEMP
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 131555 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65274 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 162.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Admin_Backup

    User: All Users

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: HelpAssistant
    ->Flash cache emptied: 0 bytes

    User: Lawrence.MSHOME

    User: LocalService

    User: Mom
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Talaina

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.8.1 log created on 07092010_223234

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_4d0.dat not found!

    Registry entries deleted on Reboot...
     
    EMB,
    #31
  13. 2010/07/09
    EMB

    EMB Inactive Thread Starter

    Joined:
    2010/07/03
    Messages:
    19
    Likes Received:
    0
    Original Fix results log

    Went and found this in the folder. This is what came up the first time. It didn't look like a "fix"; I guess that's why I forgot to post it.

    -------------------------------------------------------------------------
    All processes killed
    Error: Unable to interpret <[emptytemp]> in the current context!
    Error: Unable to interpret <[emptyflash]> in the current context!
    Error: Unable to interpret <[Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.8.1 log created on 07092010_221953

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
    EMB,
    #32
  14. 2010/07/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  15. 2010/07/11
    EMB

    EMB Inactive Thread Starter

    Joined:
    2010/07/03
    Messages:
    19
    Likes Received:
    0
    Kaspersky log

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, July 11, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, July 10, 2010 23:41:00
    Records in database: 4238842


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\

    Scan statistics
    Objects scanned 59601
    Threats found 0
    Infected objects found 0
    Suspicious objects found 0
    Scan duration 02:27:53

    No threats found. Scanned area is clean.
    Selected area has been scanned.
     
    EMB,
    #34
  16. 2010/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nice :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button.
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  17. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any word about your computer?
     
  18. 2010/07/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue appears to be resolved.
     
