WiredWX Christian Hobby Weather Tools

Google Redirect Virus
Re: Google Redirect Virus

Let's hold off on ComboFix.

Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Google Redirect Virus

Ran in safe mode

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7276

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

25/07/2011 19:47:56
mbam-log-2011-07-25 (19-47-56).txt

Scan type: Quick scan
Objects scanned: 175032
Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
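
The log above is the kind a helper skims for the one line that matters, here the PUM.Bad.Proxy hit on the HKCU ProxyServer value, a setting that routes the browser's traffic through whatever proxy it names. As an added example that is not part of this thread or of Malwarebytes, here is a small Python parser for this 1.x log format: it extracts the scan environment, the summary counts and each detected item, and cross-checks the counts against the itemised sections so an edited or truncated paste is caught. The sample log is the safe-mode log posted above with its all-clear sections trimmed.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log into what a helper reads off
it: scan environment, the summary counts, and every detected item (location,
detection name, action taken), then cross-check the counts against the itemised
sections. Added example, not part of this thread or of Malwarebytes itself."""
import re
from dataclasses import dataclass, field

# Constructed sample: the safe-mode log posted above, all-clear sections trimmed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.1.1800
Database version: 7276

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

Scan type: Quick scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

@dataclass
class Detection:
    category: str   # section it was listed under, e.g. "Registry Values Infected"
    location: str   # registry path or file path
    name: str       # Malwarebytes detection name, e.g. "PUM.Bad.Proxy"
    action: str     # last step of the "->" chain: what MBAM did with it

@dataclass
class MbamReport:
    program_version: str = ""
    database_version: str = ""
    safe_mode: bool = False
    scan_type: str = ""
    counts: dict = field(default_factory=dict)      # category -> declared count
    detections: list = field(default_factory=list)  # Detection objects, in log order

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<location> (<detection name>) -> <step> -> ... -> <final action>."
ITEM_RE = re.compile(r"^(?P<loc>.+?) \((?P<name>[^()]+)\) -> (?P<chain>.+)$")

def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    section = None  # itemised section we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.program_version = line.split()[-1]
        elif line.startswith("Database version: "):
            report.database_version = line.split(": ", 1)[1]
        elif line.startswith("Windows "):
            report.safe_mode = "(Safe Mode)" in line
        elif line.startswith("Scan type: "):
            report.scan_type = line.split(": ", 1)[1]
        elif (m := COUNT_RE.match(line)):
            report.counts[m["cat"]] = int(m["n"])
        elif (m := HEADER_RE.match(line)):
            section = m["cat"]
        elif section and line != "(No malicious items detected)":
            m = ITEM_RE.match(line)
            if m:
                action = m["chain"].split(" -> ")[-1].rstrip(".")
                report.detections.append(Detection(section, m["loc"], m["name"], action))
    return report

def count_mismatches(report: MbamReport) -> dict:
    """{category: (declared, listed)} for every section whose summary count
    differs from the items actually itemised; empty means the log is consistent."""
    listed = {}
    for d in report.detections:
        listed[d.category] = listed.get(d.category, 0) + 1
    return {cat: (n, listed.get(cat, 0))
            for cat, n in report.counts.items() if n != listed.get(cat, 0)}
```

Running `parse_mbam_log` on the sample yields one Detection (PUM.Bad.Proxy, quarantined and deleted) and an empty `count_mismatches` result; the parser also records that the scan ran in Safe Mode, which is the point the helper raises in the next reply.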

Re: Google Redirect Virus

No need to run Malwarebytes in safe mode. Please run it again, but in normal mode. Post the log please.

Re: Google Redirect Virus

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7294

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/07/2011 09:48:58
mbam-log-2011-07-27 (09-48-58).txt

Scan type: Quick scan
Objects scanned: 179723
Time elapsed: 23 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Google Redirect Virus

  • Download OTL.exe to your desktop.
  • Double-click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under the Extra Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the below in bold:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

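Once OTL.txt comes back, the first pass a helper makes over it can be scripted. The following Python is an added example, not part of this thread or of OTL: it scans OTL's one-line-per-item output for hosts file overrides, proxy and search settings, DNS resolvers, and autostart items that have no publisher or point at a missing file. The sample lines are constructed in OTL's format; most values come from the log posted later in this thread, the google.com hosts entry and the 203.0.113.7 resolver are made up to exercise the checks, and the allowlist of expected search hosts is an assumption to adapt.

```python
"""Triage an OTL.txt scan log for the entries a helper checks first when a
browser keeps redirecting: hosts file overrides, proxy and search settings,
DNS resolvers, and autostart items with no publisher or a missing file.
Added example, not part of this thread or of OTL itself. The sample lines are
constructed in OTL's line format; most values are taken from the log posted in
this thread, while the google.com hosts entry and the 203.0.113.7 resolver are
made up to exercise the checks."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_OTL = r"""
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
PRC - [2009/10/13 11:41:27 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.google.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [IntelAPMClient] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.7
"""

@dataclass
class Finding:
    severity: str  # "review": a helper should look at it; "info": context only
    reason: str
    line: str

# Assumed allowlist of search-provider hosts expected on a stock IE8 install.
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "ie.search.msn.com"}
# A resolver inside these ranges is the home router or loopback, not an outside host.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
AUTOSTART_PREFIXES = ("PRC - ", "MOD - ", "SRV - ", "DRV - ", "O2 - ", "O3 - ", "O4 - ")

HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
PROXY_RE = re.compile(r'^IE - .*Internet Settings: "Proxy(?P<key>Enable|Server)" = (?P<val>.+)$')
IE_SETTING_RE = re.compile(r"^IE - [^,]+,(?P<setting>[^=]+?) = (?P<url>\S+)$")
DNS_RE = re.compile(r"^O17 - .*: (?:Dhcp)?NameServer = (?P<servers>.+)$")

def _is_lan(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)

def check_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    if m := HOSTS_RE.match(line):
        if m["host"].lower() in ("localhost", "localhost.localdomain"):
            return None
        return Finding("review", f"hosts file maps {m['host']} to {m['ip']}", line)
    if m := PROXY_RE.match(line):
        if m["key"] == "Enable" and m["val"].strip() == "0":
            return Finding("info", "proxy disabled", line)
        return Finding("review", f"proxy setting present: Proxy{m['key']} = {m['val']}", line)
    if (m := IE_SETTING_RE.match(line)) and "search" in m["setting"].lower():
        host = urlsplit(m["url"]).hostname or ""
        if host and host not in EXPECTED_SEARCH_HOSTS:
            return Finding("review", f"{m['setting']} points at {host}", line)
        return None
    if m := DNS_RE.match(line):
        outside = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s and not _is_lan(s)]
        if outside:
            return Finding("review", f"resolver outside LAN ranges: {', '.join(outside)}", line)
        return Finding("info", "resolver is a LAN address", line)
    if line.startswith(AUTOSTART_PREFIXES):
        if "File not found" in line:
            return Finding("info", "autostart entry points at a missing file (stale)", line)
        if " () " in line or line.endswith(" ()"):
            return Finding("review", "autostart item with no publisher name", line)
    return None

def triage_otl(text: str):
    """Run check_line over every non-blank line; findings come back in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and (f := check_line(line)):
            findings.append(f)
    return findings

def review_items(findings):
    return [f for f in findings if f.severity == "review"]
```

On the sample, the five review items are the two autostarts with no publisher, the babylon.com search assistant, the hosts override for www.google.com and the outside resolver; a publisher-less entry is not proof of anything bad (the Samsung panel manager is a legitimate unsigned binary), it just marks where to look first.
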
Re: Google Redirect Virus

OTL logfile created on: 27/07/2011 13:56:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 474.64 Mb Available Physical Memory | 46.75% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 28.85 Gb Free Space | 51.71% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 13:54:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
PRC - [2010/05/19 17:00:26 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2010/05/11 16:11:30 | 001,188,176 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/05/11 16:11:20 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/10/13 11:41:27 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/06/11 07:10:17 | 000,503,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2008/08/16 18:44:56 | 000,308,536 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/08/16 18:44:50 | 001,127,736 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 12:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 12:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 12:13:26 | 000,495,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/09/20 15:52:10 | 000,253,952 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2006/09/18 08:27:38 | 000,817,152 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2006/05/12 14:07:26 | 000,086,016 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2006/02/19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/19 02:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
PRC - [2006/01/11 10:32:28 | 000,126,976 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2005/12/09 03:58:22 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2005/12/09 03:47:42 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\WebPortal\SDClientMonitor.exe
PRC - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2004/12/15 08:07:44 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe


========== Modules (SafeList) ==========

MOD - [2011/07/27 13:54:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/19 17:00:22 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011/02/08 09:46:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2006/09/20 15:52:10 | 000,253,952 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk(R)
SRV - [2006/09/18 08:27:38 | 000,817,152 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2006/05/12 14:07:26 | 000,086,016 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2006/01/11 10:32:28 | 000,126,976 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk(R)
SRV - [2005/12/09 03:58:22 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 17:00:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/19 17:00:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/14 23:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 23:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010/05/14 23:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 23:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\abbeyfield\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\abbeyfield\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/25 12:44:40 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/07/01 16:48:34 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2005/07/01 16:48:34 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2005/07/01 16:48:34 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 14:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74e7098000000000000000166f634dee&tlver=1.4.19.19&affID=17162

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://csg.abbeyfield.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://csg.abbeyfield.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 20:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/19 12:18:31 | 000,000,000 | ---D | M]

[2011/03/07 15:45:20 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAPMClient] File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LANDeskInventoryClient] C:\Program Files\LANDesk\LDClient\LDIScn32.exe (LANDesk Software, Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SDClientMonitor] C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe (LANDesk Software, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\abbeyfield\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O15 - HKCU\..Trusted Domains: abbeyfield.com ([csg] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227621843437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227627097437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 16:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/12 10:50:52 | 000,208,705 | ---- | M] () - C:\Automated Summary Timesheet Template.xlsx -- [ NTFS ]
O33 - MountPoints2\{8608772e-f315-11df-9454-00166f634dee}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 13:54:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/07/27 09:24:26 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/25 18:32:02 | 000,000,000 | --SD | C] -- C:\Fixyou18967F
[2011/07/25 17:14:13 | 000,000,000 | --SD | C] -- C:\Fixyou
[2011/07/25 17:13:56 | 004,152,159 | R--- | C] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Fixyou.exe
[2011/07/25 12:59:43 | 007,375,010 | ---- | C] (Shareaza Development Team ) -- C:\Documents and Settings\abbeyfield\My Documents\Shareaza_2.5.5.0_Win32.exe
[2011/07/15 21:51:00 | 000,000,000 | ---D | C] -- C:\WIP
[2011/07/15 21:15:04 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe
[2011/07/13 10:22:36 | 000,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rasl2tp.svs
[2011/07/13 10:18:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/13 10:15:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/13 10:15:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/13 10:15:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/13 10:15:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/13 10:14:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/12 20:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Identities
[2011/07/12 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Application Data\Ilyfe
[2011/07/12 20:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Application Data\Arqiok
[2011/07/12 11:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Application Data\AVG9
[2011/07/12 09:22:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\abbeyfield\Start Menu\Programs\Administrative Tools
[2011/07/12 09:22:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\dds.scr
[2011/06/29 20:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 13:54:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/07/27 09:25:09 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 09:24:49 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/27 09:20:35 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/27 09:20:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 09:20:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/27 09:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 17:14:00 | 004,152,159 | R--- | M] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Fixyou.exe
[2011/07/25 13:27:51 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 12:59:56 | 007,375,010 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\abbeyfield\My Documents\Shareaza_2.5.5.0_Win32.exe
[2011/07/15 21:16:43 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe
[2011/07/15 21:14:51 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\tdsskiller.zip
[2011/07/13 20:46:42 | 000,097,812 | ---- | M] () -- C:\Documents and Settings\abbeyfield\My Documents\2011-07-13_204501.GIF
[2011/07/13 20:45:09 | 000,878,896 | ---- | M] () -- C:\Documents and Settings\abbeyfield\My Documents\2011-07-13_204501.png
[2011/07/13 13:09:31 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 11:49:50 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xucneurc.sys
[2011/07/13 10:19:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/12 20:44:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\irnfrnvp.sys
[2011/07/12 20:25:11 | 000,004,407 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Application Data\CB6A.565
[2011/07/12 09:22:21 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\dds.scr
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 14:51:59 | 000,867,245 | ---- | M] () -- C:\Ponteland 2.JPG
[2011/07/06 14:51:05 | 000,860,550 | ---- | M] () -- C:\Ponteland 1.JPG
[2011/07/06 13:50:07 | 001,491,089 | ---- | M] () -- C:\mileage Claim - A Armstrong june 11.JPG
[2011/07/01 13:18:39 | 000,866,923 | ---- | M] () -- C:\Kendal Valuation Visit 5.7.11.JPG
[2011/07/01 12:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 10:27:28 | 000,816,343 | ---- | M] () -- C:\Stannah P040143662.JPG
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 21:24:59 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/15 21:14:46 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\tdsskiller.zip
[2011/07/13 20:46:42 | 000,097,812 | ---- | C] () -- C:\Documents and Settings\abbeyfield\My Documents\2011-07-13_204501.GIF
[2011/07/13 20:45:09 | 000,878,896 | ---- | C] () -- C:\Documents and Settings\abbeyfield\My Documents\2011-07-13_204501.png
[2011/07/13 11:49:50 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xucneurc.sys
[2011/07/13 10:19:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/13 10:18:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/13 10:15:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/13 10:15:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/13 10:15:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/13 10:15:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/13 10:15:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/12 20:44:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\irnfrnvp.sys
[2011/07/12 20:20:53 | 000,004,407 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\CB6A.565
[2011/07/06 14:51:58 | 000,867,245 | ---- | C] () -- C:\Ponteland 2.JPG
[2011/07/06 14:51:04 | 000,860,550 | ---- | C] () -- C:\Ponteland 1.JPG
[2011/07/06 13:50:06 | 001,491,089 | ---- | C] () -- C:\mileage Claim - A Armstrong june 11.JPG
[2011/07/01 13:18:39 | 000,866,923 | ---- | C] () -- C:\Kendal Valuation Visit 5.7.11.JPG
[2011/07/01 10:27:27 | 000,816,343 | ---- | C] () -- C:\Stannah P040143662.JPG
[2011/06/26 17:56:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cssfx.sys
[2011/06/23 16:45:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\punvj0rj43t4v6
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\punvj0rj43t4v6
[2011/03/07 15:45:23 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/10/04 11:02:41 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/10/04 11:02:14 | 000,011,650 | -H-- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\SmarThruOptions.xml
[2010/10/04 11:01:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2010/10/04 11:01:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2010/10/04 10:59:20 | 000,113,768 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
[2010/10/04 10:54:05 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010/10/04 10:53:25 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010/10/04 10:53:25 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010/10/04 10:53:24 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010/10/04 10:53:24 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010/10/04 10:53:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010/05/18 12:52:23 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 22:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 22:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 22:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/10 12:14:25 | 000,117,469 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/30 16:16:38 | 000,069,063 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/04/30 16:16:37 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/04/09 12:26:07 | 001,821,566 | ---- | C] () -- C:\Program Files\FSCaptureSetup65.exe
[2010/03/17 16:11:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\fusioncache.dat
[2010/03/17 15:25:08 | 000,110,436 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/03/17 15:25:07 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/03/09 12:45:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/23 13:38:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/26 13:51:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\ENABLING.INI
[2008/11/24 17:34:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/11/24 16:42:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/24 16:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/24 16:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/24 16:04:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,444,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,072,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/12 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Arqiok
[2011/07/12 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\AVG9
[2011/03/07 15:46:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\BabylonToolbar
[2009/02/23 17:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\ICAClient
[2011/07/12 20:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Ilyfe
[2010/11/09 12:41:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Leadertech
[2010/03/09 13:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\MSNInstaller
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Omem
[2010/09/02 13:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Participatory Culture Foundation
[2011/03/24 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\PCF-VLC
[2011/07/25 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Shareaza
[2010/10/04 11:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\SmarThru4
[2011/07/25 15:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Spotify
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Xuezus
[2011/07/13 10:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/04 12:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bIi06511gCdCp06511
[2011/03/15 12:07:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/23 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 09:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/07/27 09:20:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/11/24 16:38:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/12 10:50:52 | 000,208,705 | ---- | M] () -- C:\Automated Summary Timesheet Template.xlsx
[2011/07/13 11:29:11 | 000,012,518 | ---- | M] () -- C:\AVG.docx
[2008/11/24 16:32:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/13 10:19:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/11/24 16:38:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/24 16:38:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/01 13:18:39 | 000,866,923 | ---- | M] () -- C:\Kendal Valuation Visit 5.7.11.JPG
[2011/07/06 13:50:07 | 001,491,089 | ---- | M] () -- C:\mileage Claim - A Armstrong june 11.JPG
[2008/11/24 16:38:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/07 15:50:54 | 000,002,113 | ---- | M] () -- C:\northern map.pdf
[2010/11/02 17:49:10 | 001,462,870 | ---- | M] () -- C:\Northern September 2010.2011.xlsx
[2004/08/04 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/24 18:14:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/27 09:20:06 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/03/18 12:45:29 | 000,366,046 | ---- | M] () -- C:\Penrith CT 2001_12 1.jpg
[2011/03/18 12:46:06 | 000,362,641 | ---- | M] () -- C:\Penrith CT 2011_12 2.jpg
[2011/07/06 14:51:05 | 000,860,550 | ---- | M] () -- C:\Ponteland 1.JPG
[2011/07/06 14:51:59 | 000,867,245 | ---- | M] () -- C:\Ponteland 2.JPG
[2011/06/29 20:09:01 | 000,000,310 | ---- | M] () -- C:\rkill.log
[2011/03/21 16:28:44 | 000,035,171 | ---- | M] () -- C:\Staffing Hours.xlsx
[2011/07/01 10:27:28 | 000,816,343 | ---- | M] () -- C:\Stannah P040143662.JPG
[2011/04/18 13:03:21 | 000,042,156 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.04.2011_12.55.44_log.txt
[2011/04/18 16:08:38 | 000,042,718 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_18.04.2011_16.07.12_log.txt
[2011/06/23 13:50:03 | 000,042,718 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.06.2011_13.47.47_log.txt
[2011/06/23 16:19:01 | 000,086,298 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.06.2011_16.17.36_log.txt
[2011/06/23 22:16:25 | 000,042,718 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_23.06.2011_22.15.38_log.txt
[2011/07/15 21:16:23 | 000,002,150 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_15.07.2011_21.15.30_log.txt
[2011/07/15 21:17:59 | 000,043,574 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_15.07.2011_21.17.05_log.txt
[2011/07/15 21:48:33 | 000,002,150 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_15.07.2011_21.29.22_log.txt
[2011/07/16 09:13:37 | 000,042,424 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_16.07.2011_09.11.57_log.txt
[2011/07/25 17:03:39 | 000,042,424 | ---- | M] () -- C:\TDSSKiller.2.5.11.0_25.07.2011_17.01.58_log.txt
[2011/01/10 10:41:50 | 000,025,333 | ---- | M] () -- C:\Timesheet.xlsx
[2011/04/20 16:09:04 | 000,273,551 | ---- | M] () -- C:\Wray Bros.jpg
[2011/04/20 16:11:33 | 000,273,552 | ---- | M] () -- C:\_20110420_16110707.jpg
[2011/05/09 11:02:34 | 000,233,840 | ---- | M] () -- C:\_20110509_11020801.jpg
[2011/05/20 15:44:28 | 000,300,673 | ---- | M] () -- C:\_20110520_15435901.jpg
[2011/05/20 15:52:23 | 000,308,516 | ---- | M] () -- C:\_20110520_15515707.jpg

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/24 16:03:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/11/24 16:03:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/11/24 16:03:28 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/06/26 17:56:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\cssfx.sys
[2011/07/12 20:44:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\irnfrnvp.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2011/04/29 17:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/07/15 21:18:48 | 000,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2011/07/13 11:49:50 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\xucneurc.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Pictures:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Albums:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Adele 21:Shareaza.GUID

< End of report >

Re: Google Redirect Virus
OTL Extras logfile created on: 27/07/2011 13:56:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 474.64 Mb Available Physical Memory | 46.75% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.21% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 28.85 Gb Free Space | 51.71% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe:*:Enabled:InstallCore™
"C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe" = C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe:*:Disabled:Samsung Printer Connector -- (Samsung Printer)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe:*:Disabled:Hewlett-Packard Product Assistant -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe:*:Disabled:Logitech Updater -- (Logitech, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Citrix\ICA Client\wfica32.exe" = C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix Client Engine -- (Citrix Systems, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Disabled:mcci+McciBrowser -- (Alcatel-Lucent)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager -- (Adobe Systems Incorporated)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Disabled:mcci+McciTrayApp -- (Alcatel-Lucent)
"C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Disabled:Apple Software Update -- (Apple Inc.)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:Java(TM) Update Scheduler -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" = C:\Program Files\LANDesk\LDClient\LDISCN32.EXE:*:Enabled:Inventory Scanner for Windows -- (LANDesk Software, Ltd.)
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe:*:Enabled:0.7029722626396282
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe:*:Enabled:0.15735610579295667
"C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe" = C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe:*:Disabled:mmc102.exe
"C:\Documents and Settings\abbeyfield\Application Data\dwm.exe" = C:\Documents and Settings\abbeyfield\Application Data\dwm.exe:*:Disabled:dwm
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe:*:Disabled:csrss
"C:\ComboFix\ComboFix-Download.cfxxe" = C:\ComboFix\ComboFix-Download.cfxxe:*:Enabled:ComboFix-Download
"C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe" = C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent -- (LANDesk Software, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"BTBusinessHub" = BTBusinessHub
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 6.6
"GoToAssist" = GoToAssist Corporate
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/07/2011 05:05:42 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 16/07/2011 07:14:08 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a8fd32.

Error - 16/07/2011 07:24:41 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 25/07/2011 05:32:03 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a920bb.

Error - 25/07/2011 05:37:53 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 25/07/2011 12:04:34 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 25/07/2011 12:15:11 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 25/07/2011 15:16:17 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 27/07/2011 04:21:27 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a90ae8.

Error - 27/07/2011 05:12:09 | Computer Name = ABEXL0002 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

[ OSession Events ]
Error - 16/08/2010 11:53:19 | Computer Name = ABEXL0002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/07/2011 06:16:13 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:13 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:13 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:13 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:18 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:18 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:18 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:18 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:23 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 25/07/2011 06:16:23 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2


< End of report >

Re: Google Redirect Virus

I'm reviewing your log and will have some more instructions for you in a short while.

Re: Google Redirect Virus
Please run OTL.exe.

  • Copy the commands with file paths below (Do Not copy the word CODE:) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    Code:

    :OTL

    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O15 - HKCU\..Trusted Domains: abbeyfield.com ([csg] https in Trusted sites)
    O33 - MountPoints2\{8608772e-f315-11df-9454-00166f634dee}\Shell\AutoRun\command - "" = E:\setupSNK.exe

    :Commands
    [RESETHOSTS]
    [purity]
    [Reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next


Please run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


Re: Google Redirect Virus
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {2CF1EA82-ED1D-47EE-A155-4180D51129E5}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: ~[Filtered]~

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 17B86:Dell Inc|17B86:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

Re: Google Redirect Virus
Can you post the OTL log?

Re: Google Redirect Virus
Kenny94 wrote:

  • Download OTL.exe to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under the Extra Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold



netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90



  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.



Do I run OTL again using the same instructions as when I ran it? Just opening OTL, no log appears.

thanks

Re: Google Redirect Virus
Are you still experiencing the redirects at this point? ComboFix should run even with AVG installed as it has been updated. Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**

Then follow the instructions in the ComboFix post, and post the log please.

Re: Google Redirect Virus

Once my desktop loads up, I only have a blank Windows insert showing 'hello2' and 'hello4'; it is not letting me access the internet etc. The system runs very slowly then freezes up.

this message sent from alternative computer

Tried safe mode and although the desktop appears, I am unable to open anything that I double-click or run,
i.e. internet, Malwarebytes, TDSSKiller.

Re: Google Redirect Virus

Since you cannot access your infected computer, you will have to download the required tools from your clean computer and move them to the infected computer with some removable media, for example burn them to a CD or write them to a USB flash disk.

If you use a USB flash disk, I highly recommend you immunize it first, to prevent malware using the USB flash drive for spreading itself.

Please download Flash_Disinfector by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================



Also, print out or save these instructions into Notepad on a flash drive (so you can see how to run the tools). If you can't save it to the desktop of the infected computer, you can run it right off of the flash drive.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Next

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are two different versions. If one of them won't run then download and try to run the other one.
Vista and Windows 7 users need to right-click and choose Run as Administrator
You only need to get one of them to run, not both of them.

  1. eXplorer.exe -
  2. WiNlOgOn.exe


Please post the log in your next reply (to see what was terminated).

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Once you've gotten one of them to run then try to immediately run the following:

Download and run ComboFix. ComboFix should run again. When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply.

Re: Google Redirect Virus

Copied to disc and transferred. Attempted to run from disc on the infected computer.
A black screen pops up but then I immediately receive a problem message: encountered a problem and unable to continue. Do I want to send details to Microsoft or not. This is the same type of message I would normally receive when a programme crashes.

Tried both exeHelper files but same message with both.

Re: Google Redirect Virus

Okay, well first off you need to separate all of the computers from each other. They cannot be on the same network at the same time. I've used Avira AntiVir Rescue System with success to move on to the next stage.

Avira AntiVir Rescue System requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Avira AntiVir Rescue System. Click Here - Tutorial for Avira Rescue CD.
    If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Support Forum.
  • Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.

    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)

  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • When the scan is finished, you can save the scan report by clicking on Save and then choosing where to save it. So be sure to save the report and post it for further review.



Note:

If you need an ISO burner, download BurnCDCC, a standalone ISO burner. You need to download the Avira Rescue disk and save it to your desktop. Open BurnCDCC > click the Browse button and select the Avira package. Place an empty disk in your burner. Slide the speed bar down to 2x. Place a check mark in the boxes Read Verify, Finalize and Auto Eject. Click the Start button. When complete, the burner tray will slide open. You now have a bootable disk to move on.

Re: Google Redirect Virus
Now running

Re: Google Redirect Virus

Okay, be sure to save the scan report and post it please.

Re: Google Redirect Virus
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.6.22
VDF Version: 7.11.12.171
Scan start time: Sun Jul 31 23:54:44 2011
configuration file: /etc/avira/scancl.conf
ALERT: [JAVA/Stutter.J.2] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/24/53f48ad8-7ad6bce2 <<< Contains signature of the Java virus JAVA/Stutter.J.2 [renamed]


ALERT: [Java/Exdoer.G] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/35/7523cea3-56a9e8d3 --> powerColor/c1.class <<< Contains signature of the Java virus JAVA/Exdoer.G [archive scan abort]


ALERT: [TR/Dldr.Karagany.A.287] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/37/25dfa8e5-6e01e5db <<< Is the Trojan horse TR/Dldr.Karagany.A.287 [renamed]


ALERT: [EXP/CVE-2010-0840.BG] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/37/29212065-2d90d690 --> folder/Glocker.class <<< Contains signature of the exploits EXP/CVE-2010-0840.BG [archive scan abort]


ALERT: [Java/Agent.AO] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/36fe39b6-65d6c7cc --> google/stomp.class <<< Contains signature of the Java virus JAVA/Agent.AO [archive scan abort]


ALERT: [EXP/Java.BN] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/680b9df6-47a63d6a --> bingo/haskalu.class <<< Contains signature of the exploits EXP/Java.BN [archive scan abort]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-211dd4cd <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-479594a2 <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-530781c9 <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-68c4baad <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-765da3a9 <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


ALERT: [JAVA/Tharra.A] /media/Devices/sda2/Documents and Settings/abbeyfield/Application Data/Sun/Java/Deployment/cache/6.0/54/6b310336-7e8fae05 <<< Contains signature of the Java virus JAVA/Tharra.A [renamed]


WARNING: [Unsupported archive type] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/RACE 07 ot Akella/Race'07-Image/RACE07.iso


WARNING: [Error writing file] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/RACE07.iso


WARNING: [Bad compressed data] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/The Cardigans - Live performance collection/2001-10-29 A Camp - Live at KB, Malmo/artwork.zip


WARNING: [Unexpected end of file] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/The Cardigans - Live performance collection/2003-06-28 Live at Roskilde/artwork.zip


WARNING: [A malformed archive header was detected] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/The Cardigans - Live performance collection/2004-02-14 Live at Popstad/artwork_and_info.zip


WARNING: [A malformed archive header was detected] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/Incomplete Downloads/The Cardigans - Live performance collection/2004-02-14 Live at Popstad/artwork_and_info.zip


WARNING: [Unsupported archive type] /media/Devices/sda2/Documents and Settings/abbeyfield/My Documents/My Videos/Miro/[PC] Race The WTCC Game [RIP] [dopeman]/WTCC.7z


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Documents and Settings/NetworkService/Local Settings/Application Data/gnp.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/LANDesk/LDClient/amclient.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/LANDesk/LDClient/LDIScn32.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/LANDesk/LDClient/issuser.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/LANDesk/LDClient/SoftMon.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/LANDesk/LDClient/tmcsvc.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/LANDesk/LDClient/WebPortal/sdclientmonitor.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Spy.ZBot.86016.3] /media/Devices/sda2/Program Files/LANDesk/LDClient/LocalSch.EXE <<< Is the Trojan horse TR/Spy.ZBot.86016.3 [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/LANDesk/Shared Files/residentAgent.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Adobe/Reader 9.0/Reader/Reader_sl.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/ATI Technologies/ATI Control Panel/atiptaxx.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/BT Business Broadband Desktop Help/btbb/BTHelpNotifier.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Common Files/Adobe/ARM/1.0/AdobeARM.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Common Files/Java/Java Update/jusched.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Gendal.6181686] /media/Devices/sda2/Program Files/Common Files/LogiShrd/LVMVFM/LVPrcSrv.exe <<< Is the Trojan horse TR/Gendal.6181686 [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/Common Files/Motive/McciCMService.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


WARNING: [Unexpected end of file] /media/Devices/sda2/Program Files/FastStone Capture/uninst.exe


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Hewlett-Packard/HP Software Update/HPWuSchd2.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/Dot1XCfg.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [TR/Gendal.6113986] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/EvtEng.exe <<< Is the Trojan horse TR/Gendal.6113986 [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/ifrmewrk.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/RegSrvc.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [TR/Gendal.6133535] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/S24EvMon.exe <<< Is the Trojan horse TR/Gendal.6133535 [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/WLKEEPER.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Intel/Wireless/Bin/ZCfgSvc.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Kazy.25211.21] /media/Devices/sda2/Program Files/Java/jre6/bin/jqs.exe <<< Is the Trojan horse TR/Kazy.25211.21 [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/QuickTime/qttask .exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/QuickTime/qttask.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/Program Files/Microsoft Office/Office12/GrooveMonitor.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


WARNING: [Archive is invalid or corrupt] /media/Devices/sda2/Program Files/WinRAR/rarnew.dat


ALERT: [BDS/ZAccess.dg] /media/Devices/sda2/Qoobox/Quarantine/C/WINDOWS/assembly/GAC_MSIL/desktop.ini.vir <<< Contains a signature of the (dangerous) backdoor program BDS/ZAccess.dg Backdoor server programs [renamed]


ALERT: [TR/Rootkit.Gen] /media/Devices/sda2/Qoobox/Quarantine/C/WINDOWS/system32/Drivers/rasl2tp.sys.vir <<< Is the Trojan horse TR/Rootkit.Gen [renamed]


ALERT: [W32/PatchLoad.A] /media/Devices/sda2/WINDOWS/system32/wuauclt.exe <<< Contains signature of the Windows virus W32/PatchLoad.A [renamed]


WARNING: [Unexpected end of file] /media/Devices/sda2/WINDOWS/Temp/5047e27c-9de0-4fcb-b2de-659dba8a5439.tmp


WARNING: [Bad compressed data] /media/Devices/sda2/WINDOWS/Temp/36942b83-95bc-4f9c-a8af-05eee793baf0.tmp


WARNING: [Bad compressed data] /media/Devices/sda2/WINDOWS/Temp/bdb4a872-8f78-4d2f-bb95-baa15d81f819.tmp


WARNING: [Error reading file] /media/Devices/sda2/WINDOWS/Temp/4ad3185e-3ac9-4896-97e3-86bbaf498956.tmp


ALERT: [TR/Dropper.Gen] /media/Devices/sda2/WINDOWS/Temp/hki377.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/WINDOWS/Temp/tjnvac/setup.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


WARNING: [File is encrypted] /media/Devices/sda2/WINDOWS/Temp/SAS_SelfExtract/Quarantine/Quarantine - 06-26-2011 - 17-55-19.SBU


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/WINDOWS/Temp/Jdr.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/WINDOWS/twain_32/Samsung/CLX3170/Scan2pc .exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/WINDOWS/twain_32/Samsung/CLX3170/Scan2pc.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Dropper.Gen] /media/Devices/sda2/WINDOWS/Fonts/J0uR2JE.com_ <<< Is the Trojan horse TR/Dropper.Gen [renamed]


ALERT: [BDS/ZAccess.bc] /media/Devices/sda2/WINDOWS/assembly/GAC_MSIL/Desktop(2).ini <<< Contains a signature of the (dangerous) backdoor program BDS/ZAccess.bc Backdoor server programs [renamed]


ALERT: [BDS/ZAccess.dg] /media/Devices/sda2/WINDOWS/assembly/GAC_MSIL/Desktop.ini <<< Contains a signature of the (dangerous) backdoor program BDS/ZAccess.dg Backdoor server programs [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0001011.com <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


ALERT: [TR/Dropper.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0008015.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]


ALERT: [TR/Dropper.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0008016.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]


ALERT: [TR/Dropper.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0008017.exe <<< Is the Trojan horse TR/Dropper.Gen [renamed]


ALERT: [TR/VB.Downloader.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0008020.exe <<< Is the Trojan horse TR/VB.Downloader.Gen [renamed]


ALERT: [TR/Crypt.ZPACK.Gen] /media/Devices/sda2/System Volume Information/_restore{7BEF35F8-68AE-427C-A324-766C932918CC}/RP0/A0008021.exe <<< Is the Trojan horse TR/Crypt.ZPACK.Gen [renamed]


Statistics :
Directories............... : 8041
Archives.................. : 1388
Files..................... : 303226
Infected.............. : 57
Renamed........... : 57
Warnings.............. : 14
Suspicious............ : 0
Infections................ : 57

Re: Google Redirect Virus
You must first verify that you can logon to the Windows Recovery Console. ComboFix should have installed one for you.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console

Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.
Please post this log.

Re: Google Redirect Virus

I now have Windows Recovery Console installed. Am I to boot up into Recovery Console mode and run it?

I have downloaded maxhandle.exe onto a USB and added it to my desktop, but each time I attempt to run it, it brings a request for which program to download/open the file with - Adobe, Media Player, Windows Picture Viewer etc. etc.

Re: Google Redirect Virus
run it brings a request for which program to download/open file with - Adobe, media player, windows picture viewer etc etc

Does this happen with other applications? Example Malwarebytes?

Re: Google Redirect Virus

It happens with all current applications on my desktop, including Internet Explorer and Malwarebytes. Asking which program I would like to open with.

Re: Google Redirect Virus

We need to do an extension fix:

Open Notepad and copy and paste the text present in the Codebox below into it:
(don't forget to copy and paste REGEDIT4)


Code:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]


Save this as fix.reg (choose to save as *All Files) and place it on your desktop.
It should look like this: [screenshot of the saved fix.reg file]

Double-click on it and when it asks you if you want to merge the contents into the registry, click Yes/OK.

Please Reboot your computer.

Then run maxhandle.exe
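As an added example that is not part of the thread: a read-only PowerShell function (the name Test-ExeAssociation and the report format are my own) that reports whether the keys this fix.reg deletes or resets are still in a hijacked state, so the fix can be checked after the reboot.

```powershell
# Added example, not from the thread: a read-only check of the .exe file
# association that fix.reg above repairs. It changes nothing; it only
# reports what the .reg file would delete or reset.

function Test-ExeAssociation {
    $findings = @()

    # 1. A per-user key under HKCU\Software\Classes overrides HKCR for this
    #    user. That is where the first two [-...] lines of fix.reg point; a
    #    clean profile normally has no .exe key there at all.
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path -Path $userExe) {
        $findings += "per-user override present: $userExe"
        $userCmd = Get-ItemProperty -Path "$userExe\shell\open\command" -ErrorAction SilentlyContinue
        if ($userCmd) { $findings += "  its open command: $($userCmd.'(default)')" }
    }
    if (Test-Path -Path 'HKCU:\Software\Classes\secfile') {
        $findings += 'per-user rogue ProgID present: HKCU\Software\Classes\secfile'
    }

    # 2. HKCR\.exe must map to the 'exefile' ProgID (fix.reg sets this back)
    #    and must not carry its own shell\open\command subkey.
    $hkcrExe = 'Registry::HKEY_CLASSES_ROOT\.exe'
    $progId = (Get-ItemProperty -Path $hkcrExe -ErrorAction SilentlyContinue).'(default)'
    if ($progId -ne 'exefile') {
        $findings += "HKCR\.exe default is '$progId', expected 'exefile'"
    }
    if (Test-Path -Path "$hkcrExe\shell\open\command") {
        $findings += 'HKCR\.exe has its own shell\open\command subkey (fix.reg deletes it)'
    }
    if (Test-Path -Path 'Registry::HKEY_CLASSES_ROOT\secfile') {
        $findings += 'rogue ProgID present: HKCR\secfile'
    }

    # 3. The exefile open command itself should be exactly "%1" %*. A rerouted
    #    value here means every program launch goes through another file first;
    #    a .exe ProgID that points nowhere produces the "which program do you
    #    want to open this with" prompt seen in the thread.
    $expected = '"%1" %*'
    $openCmd = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
    if ($openCmd -ne $expected) {
        $findings += "exefile open command is '$openCmd', expected '$expected'"
    }

    if ($findings.Count -eq 0) { return 'OK: .exe association is standard' }
    return $findings
}

Test-ExeAssociation
```

Run it from a PowerShell prompt on the affected machine; an empty finding list means the association is back to the Windows default.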

Re: Google Redirect Virus

Just to confirm, I extracted the files from Maxhandle.exe and ran 'hand.bat', as it would not allow me to run it by double-clicking the maxhandle icon saved onto my desktop.

Maxhandle.txt:


Run from on 03/08/2011 at 13:43:03.10

found C:\WINDOWS\system32\config\rkdannio

Re: Google Redirect Virus
Run TDSSKiller as you did in post 10. Post this log please.

Re: Google Redirect Virus

Downloaded the new TDSSKiller to the desktop.
Unable to run; the same message each time I attempt to run it: it brings a request for which program to download/open the file with - Adobe, Media Player, Windows Picture Viewer etc. etc.

I have saved it to the C: drive and right-clicked and tried 'Run as'.

Warning appears: 'Can't initialize log'
followed by
'Can't load driver'

I have tried renaming the application and carried out both of the above, desktop and C: drive, with the same results.

Re: Google Redirect Virus

TDSSKiller needs to be on your desktop. Then, make sure extensions are shown; see here for how to do this.

Then run TDSSkiller.

Re: Google Redirect Virus

TDSSKiller on desktop, file extensions shown, but the same errors:

Warning appears: 'Can't initialize log'
followed by
'Can't load driver'

When I boot up the PC I get the following error message:

'UScroL setup has encountered a problem and needs to close'

Not sure if this causes any issues.

Re: Google Redirect Virus
Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double-click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below
    (screenshot: AswMBR_Scan-1)

Note: Do not take action against any **Rootkit** entries until I have reviewed the log.

  • Once the scan finishes, click Save log to save the log to your Desktop
    (screenshot: AswMBR_SaveLog)
  • Copy and paste the contents of aswMBR.txt back here for review

Re: Google Redirect Virus
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 19:05:39
-----------------------------
19:05:39.000 OS Version: Windows 5.1.2600 Service Pack 3
19:05:39.000 Number of processors: 1 586 0xD08
19:05:39.000 ComputerName: ABEXL0002 UserName:
19:05:39.609 Initialize success
19:06:53.312 AVAST engine defs: 11080301
19:07:41.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:07:41.156 Disk 0 Vendor: Hitachi_HTS541060G9AT00 MB3OA61A Size: 57231MB BusType: 3
19:07:43.515 Disk 0 MBR read successfully
19:07:43.515 Disk 0 MBR scan
19:07:43.546 Disk 0 Windows XP default MBR code
19:07:43.546 Disk 0 scanning sectors +117210240
19:07:43.750 Disk 0 scanning C:\WINDOWS\system32\drivers
19:07:57.375 Service scanning
19:07:58.859 Modules scanning
19:08:03.390 Disk 0 trace - called modules:
19:08:03.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
19:08:03.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fc75e0]
19:08:03.421 3 CLASSPNP.SYS[f7587fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f5c940]
19:08:03.843 AVAST engine scan C:\WINDOWS
19:08:20.343 AVAST engine scan C:\WINDOWS\system32
19:10:18.281 File: C:\WINDOWS\system32\wuauclt.exe.vir **INFECTED** Win32:Patched-WQ [Trj]
19:10:22.453 AVAST engine scan C:\WINDOWS\system32\drivers
19:10:38.921 AVAST engine scan C:\Documents and Settings\abbeyfield
19:10:40.500 File: C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc2409671.txt **INFECTED** Win32:MalOb-DT [Cryp]
19:11:34.562 File: C:\Documents and Settings\abbeyfield\Application Data\Sun\Java\Deployment\cache\6.0\63\5f91807f-5e90eac4 **INFECTED** Win32:Trojan-gen
19:17:14.937 AVAST engine scan C:\Documents and Settings\All Users
19:18:51.968 Scan finished successfully
19:19:26.328 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:19:26.375 The log file has been saved successfully to "E:\aswMBR.txt"


Re: Google Redirect Virus
ComboFix should run and finish, but let's remove AVG:

Use the uninstaller below:

Please download AppRemover to your Desktop. Double-click AppRemover.exe.
Untick "Enable anonymous usage statistic".
Click Next>>. Select AVG and click Next>>.
By clicking Next>> again, AppRemover will start the uninstall process. This may take a few minutes.
Once completed you may be prompted to restart your system. Please do so.


Note

If AVG is not listed, rerun AppRemover and select "Clean Up a Failed Uninstall". Select AVG and follow the prompts.

Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**

Then follow the instructions in the ComboFix post, and post the log please.

Re: Google Redirect Virus
Installed AppRemover and ran it as instructed, but nothing found.

Downloaded and ran ComboFix as Commy.exe; it does not complete, has run for 2 hours.

Shall I rerun and leave it until complete?

Re: Google Redirect Virus
ComboFix takes at least 20-30 minutes to finish if needed. So two hours is too long.

On your keyboard press Ctrl-Alt-Delete to bring up Task Manager. Open Task Manager and click the "New Task" button. Then copy/paste the following bolded text into the Create New Task box and click OK:

"%userprofile%\Desktop\Commy.exe"

ComboFix should run again. When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply.

Re: Google Redirect Virus
Done as above. ComboFix starts and then the following message appears:

'Scanning for infected files...
This typically doesn't take more than 10 minutes
However scan times for badly infected machines may easily double'

Nothing else happens. Cursor flashing on the next line.

Tried twice for well over 30 minutes with no end. I have to reboot as it does not let me close down.



Re: Google Redirect Virus
Are you able to use this PC in normal mode? Also, do you have access to an XP Windows CD?

Re: Google Redirect Virus
I can boot up in normal mode though everything is extremely slow.
I do not have access to an XP Windows cd.

Re: Google Redirect Virus
"though everything is extremely slow."

This PC is still infected; that is why it is slow. I would like you to run CureIt:


Click here to download Dr.Web CureIt and save it to your desktop.

  • Double-click the drweb-cureit.exe file, then on Start, and allow it to run the express scan.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
    (screenshot: Check)
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    (screenshot: Move)
  • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


Re: Google Redirect Virus
Jdr.exe.#ir;C:\WINDOWS\temp;Probably Trojan.Packed.194;Incurable.Deleted.;
gnp.exe.vir;C:\Documents and Settings\NetworkService\Local Settings\Application Data;Probably Trojan.Packed.194;Incurable.Deleted.;
VikPev00;C:\Fixyou;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
VikPev00;C:\Fixyou18967F;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
VikPev00;C:\Fixyou7619F;Probably MACRO.SCRIPT.Virus;Incurable.Deleted.;
Reader_sl.exe.vir;C:\Program Files\Adobe\Reader 9.0\Reader;Probably Trojan.Packed.194;Incurable.Deleted.;
atiptaxx.exe.vir;C:\Program Files\ATI Technologies\ATI Control Panel;Probably Trojan.Packed.194;Incurable.Deleted.;
BTHelpNotifier.exe.vir;C:\Program Files\BT Business Broadband Desktop Help\btbb;Probably Trojan.Packed.194;Incurable.Deleted.;
AdobeARM.exe.vir;C:\Program Files\Common Files\Adobe\ARM\1.0;Probably Trojan.Packed.194;Incurable.Deleted.;
jusched.exe.vir;C:\Program Files\Common Files\Java\Java Update;Probably Trojan.Packed.194;Incurable.Deleted.;
LVPrcSrv.exe.vir;C:\Program Files\Common Files\LogiShrd\LVMVFM;Trojan.Starter.1695;Cured.;
McciCMService.exe.vir;C:\Program Files\Common Files\Motive;Trojan.Starter.1695;Cured.;
HPWuSchd2.exe.vir;C:\Program Files\Hewlett-Packard\HP Software Update;Probably Trojan.Packed.194;Incurable.Deleted.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
Dot1XCfg.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
EvtEng.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
ifrmewrk.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
RegSrvc.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
S24EvMon.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
WLKEEPER.exe.vir;C:\Program Files\Intel\Wireless\Bin;Trojan.Starter.1695;Cured.;
ZCfgSvc.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
jqs.exe.vir;C:\Program Files\Java\jre6\bin;Trojan.Starter.1695;Cured.;
amclient.exe.vir;C:\Program Files\LANDesk\LDClient;Probably Trojan.Packed.194;Incurable.Moved.;
issuser.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
LDIScn32.exe.vir;C:\Program Files\LANDesk\LDClient;Probably Trojan.Packed.194;Incurable.Moved.;
LocalSch.EXE.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
SoftMon.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
tmcsvc.exe.vir;C:\Program Files\LANDesk\LDClient;Trojan.Starter.1695;Cured.;
sdclientmonitor.exe.vir;C:\Program Files\LANDesk\LDClient\WebPortal;Probably Trojan.Packed.194;Incurable.Moved.;
residentAgent.exe.vir;C:\Program Files\LANDesk\Shared Files;Trojan.Starter.1695;Cured.;
GrooveMonitor.exe.vir;C:\Program Files\Microsoft Office\Office12;Probably Trojan.Packed.194;Incurable.Moved.;
qttask .exe.vir;C:\Program Files\QuickTime;Probably Trojan.Packed.194;Incurable.Moved.;
qttask.exe.vir;C:\Program Files\QuickTime;Probably Trojan.Packed.194;Incurable.Moved.;
rasl2tp.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Maxplus.13;Incurable.Moved.;
A0001011.com.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Probably Trojan.Packed.194;Incurable.Moved.;
A0008020.exe.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.PWS.Siggen.19141;Incurable.Moved.;
A0008021.exe.vir;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Probably Trojan.Packed.194;Incurable.Moved.;
A0008024.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.DownLoad2.32296;Deleted.;
A0026078.scr;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP2;Trojan.MulDrop2.44246;Incurable.Moved.;
A0030216.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP2;Probably Trojan.Packed.191;Incurable.Moved.;
Desktop(2).ini.vir;C:\WINDOWS\assembly\GAC_MSIL;BackDoor.Siggen.30798;Incurable.Moved.;
Jdr.exe.#ir;C:\WINDOWS\Temp;Probably Trojan.Packed.194;Invalid path to file ;
Scan2pc .exe.vir;C:\WINDOWS\twain_32\Samsung\CLX3170;Probably Trojan.Packed.194;Incurable.Moved.;
Scan2pc.exe.vir;C:\WINDOWS\twain_32\Samsung\CLX3170;Probably Trojan.Packed.194;Incurable.Moved.;
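
As an added example (not part of this thread, and not Dr.Web's own code), here is a small Python parser for the CureIt report format above: each line is file name, directory, detected threat and the action taken, separated by semicolons. It counts outcomes, lists anything the scanner reported but did not cure, delete or move, and separates detections inside ComboFix's Qoobox quarantine and System Restore points (copies, not live files) from the rest. The sample records are copied from the report above.

```python
from collections import Counter

# Sample records copied from the Dr.Web CureIt report posted in this thread
# (one record per line: file name;directory;threat name;action;).
SAMPLE_REPORT = r"""
Jdr.exe.#ir;C:\WINDOWS\temp;Probably Trojan.Packed.194;Incurable.Deleted.;
LVPrcSrv.exe.vir;C:\Program Files\Common Files\LogiShrd\LVMVFM;Trojan.Starter.1695;Cured.;
ifrmewrk.exe.vir;C:\Program Files\Intel\Wireless\Bin;Probably Trojan.Packed.194;Incurable.Moved.;
rasl2tp.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Maxplus.13;Incurable.Moved.;
A0008024.exe;C:\System Volume Information\_restore{7BEF35F8-68AE-427C-A324-766C932918CC}\RP0;Trojan.DownLoad2.32296;Deleted.;
Jdr.exe.#ir;C:\WINDOWS\Temp;Probably Trojan.Packed.194;Invalid path to file ;
"""

# Folders that hold copies rather than live files: ComboFix's quarantine and
# System Restore points (both appear in the report above).
BACKUP_MARKERS = ("\\qoobox\\", "\\system volume information\\")

# Outcomes that mean the scanner dealt with the file.
REMEDIATED = {"Cured", "Deleted", "Moved"}


def parse_report(text):
    """Split the semicolon-separated report into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(";")]
        if len(parts) < 4 or not parts[0]:
            continue
        name, directory, threat, action = parts[:4]
        records.append({
            "path": directory + "\\" + name,
            "threat": threat,
            "action": action,
            # "Incurable.Deleted." -> "Deleted", "Cured." -> "Cured";
            # "Invalid path to file" has no dots and is kept whole.
            "outcome": [t.strip() for t in action.split(".") if t.strip()][-1],
        })
    return records


def summarize(records):
    """Count records per final outcome."""
    return Counter(r["outcome"] for r in records)


def unresolved(records):
    """Paths the scanner reported but did not cure, delete or move."""
    return [r["path"] for r in records if r["outcome"] not in REMEDIATED]


def in_backup_locations(records):
    """Detections inside quarantine or restore-point folders (copies, not live files)."""
    return [r["path"] for r in records
            if any(m in r["path"].lower() for m in BACKUP_MARKERS)]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(dict(summarize(recs)))
    print("not remediated:", unresolved(recs))
    print("in backup locations:", in_backup_locations(recs))
```

Run it against the full DrWeb.csv and the "not remediated" list is the part to look at first; "Invalid path to file" here is the second pass over a file that was already deleted on the first, so it is harmless, but the same outcome on a live file would need a follow-up.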

Re: Google Redirect Virus
Let's see what we have now. Scan again with OTL use the same link and instructions as the first time you ran OTL. Post both logs please.

Re: Google Redirect Virus
When running the OTL scan an error message appears:

'm' is not a valid integer value

I then have to click 'OK' to continue, but the scan freezes and does not complete.

Re: Google Redirect Virus
A lot of the tools are not working on this PC. The problem with these infections nowadays is that they cause a lot of damage. Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution. A format and reinstall of Windows, at this point, might be the best thing to do. Let's see if we can download a fresh copy and run OTL another way, as in the following:


  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

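An added example, not part of this thread and not OTL's own code, of the checks a reviewer runs over OTL output once it is posted: hosts entries other than localhost (the mechanism behind many search redirects), IE start/search URLs that do not point at the Microsoft defaults seen in this thread's logs, Run entries whose file is gone ("File not found", typically left behind after a scanner removed the file), and Run entries with no publisher that load from the user profile. The sample lines are constructed in OTL's line format; the 203.0.113.5 address, the example-toolbar.test domain and the UpdHelper entry are made up for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed OTL-style lines in the format used by the logs in this thread.
# The 203.0.113.5 address, the example-toolbar.test domain and the UpdHelper
# entry are made up for this example; they are not from the thread.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.example-toolbar.test/?q={searchTerms}
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [UpdHelper] C:\Documents and Settings\user\Local Settings\Application Data\UpdHelper\updhelper.dll ()
"""

# Domains IE points at by default on XP SP3 (as in the OTL logs in this thread).
# Anything else is not necessarily malicious, just worth a second look.
DEFAULT_DOMAINS = ("microsoft.com", "msn.com")
# Autoruns loading from inside a user profile get extra scrutiny.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(.+?)\] (.*)$")
# OTL prints the file's company name in trailing parentheses; "()" means none.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")


def is_default_domain(host):
    return any(host == d or host.endswith("." + d) for d in DEFAULT_DOMAINS)


def triage(text):
    """Return (category, detail) findings for the OTL lines a reviewer checks first."""
    findings = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() != "localhost":  # anything beyond the two default entries
                findings.append(("hosts-override", f"{host} -> {ip}"))
            continue
        if line.startswith("IE - "):
            head, sep, value = line.partition(" = ")
            if sep and value.lower().startswith(("http://", "https://")):
                name = head.rsplit(",", 1)[-1]
                host = urlsplit(value).hostname or ""
                if not is_default_domain(host):
                    findings.append(("non-default-ie-url", f"{name} = {host}"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, target = m.groups()
            if target == "File not found":
                # The registry value survived but its file is gone.
                findings.append(("orphaned-autorun", f"{hive} {name}"))
                continue
            cm = COMPANY_RE.search(target)
            company = cm.group(1).strip() if cm else ""
            if not company and any(p in target.lower() for p in PROFILE_MARKERS):
                findings.append(("profile-autorun-no-publisher", f"{hive} {name}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL):
        print(f"{category:30} {detail}")
```

Paste a real OTL.Txt in place of the sample and the output is a short list to work through; orphaned Run entries are cleanup items, while a hosts override or an unfamiliar search URL points at what is actually causing the redirect.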
Re: Google Redirect Virus
Rebooting my PC is now taking a very long time. The desktop is taking 5-10 minutes to appear.

Have re-run OTL in standard mode and this time it completed with no error messages.


OTL logfile created on: 12/08/2011 11:51:22 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 684.38 Mb Available Physical Memory | 67.40% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 31.97 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
PRC - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/10/13 11:41:27 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/19 05:24:52 | 000,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2006/02/19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/19 02:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2004/12/15 08:07:44 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe


========== Modules (SafeList) ==========

MOD - [2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (WLANKEEPER) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (Softmon) LANDesk(R)
SRV - File not found [Auto | Stopped] -- -- (S24EventMonitor) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (RegSrvc) Intel(R)
SRV - File not found [Unknown | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (ISSUSER)
SRV - File not found [Auto | Stopped] -- -- (Intel Targeted Multicast)
SRV - File not found [Auto | Stopped] -- -- (Intel Local Scheduler Service)
SRV - File not found [Auto | Stopped] -- -- (EvtEng) Intel(R)
SRV - File not found [Auto | Stopped] -- -- (CBA8) LANDesk(R)
SRV - [2011/02/08 09:46:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2005/11/17 11:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV - [2010/05/19 17:00:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/19 17:00:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/14 23:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 23:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2010/05/14 23:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 23:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/03/25 12:44:40 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/07/01 16:48:34 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2005/07/01 16:48:34 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2005/07/01 16:48:34 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/11 14:18:22 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/17 13:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=74e7098000000000000000166f634dee&tlver=1.4.19.19&affID=17162

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://csg.abbeyfield.com/http/webgateway/Citrix/AccessPlatform1/auth/silentDetection.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://csg.abbeyfield.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 20:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/19 12:18:31 | 000,000,000 | ---D | M]

[2011/03/07 15:45:20 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2011/08/11 15:38:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] File not found
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [ATIPTA] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] File not found
O4 - HKLM..\Run: [GrooveMonitor] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAPMClient] File not found
O4 - HKLM..\Run: [IntelWireless] File not found
O4 - HKLM..\Run: [IntelZeroConfig] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LANDeskInventoryClient] File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SDClientMonitor] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [acxcfg90] C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\abbeyfield\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227621843437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227627097437 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abbeyfield\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/24 16:38:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/12 10:50:52 | 000,208,705 | ---- | M] () - C:\Automated Summary Timesheet Template.xlsx -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 11:36:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/08/08 20:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\DoctorWeb
[2011/08/08 11:02:50 | 000,000,000 | --SD | C] -- C:\Commy
[2011/08/04 16:12:47 | 004,164,501 | R--- | C] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Commy.exe
[2011/08/04 16:00:51 | 006,615,552 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\abbeyfield\Desktop\AppRemover.exe
[2011/08/03 19:01:52 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\abbeyfield\Desktop\aswMBR.exe
[2011/08/03 15:49:30 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/08/03 13:38:35 | 000,520,496 | ---- | C] (Sysinternals) -- C:\WINDOWS\Listdlls.exe
[2011/08/03 13:38:32 | 000,423,288 | ---- | C] (Sysinternals) -- C:\WINDOWS\handle.exe
[2011/07/29 14:10:17 | 000,000,000 | --SD | C] -- C:\Fixyou7619F
[2011/07/29 13:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/29 13:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/29 13:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dC00000NgAeB00000
[2011/07/29 13:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent
[2011/07/28 20:15:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/27 09:24:26 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/25 18:32:02 | 000,000,000 | --SD | C] -- C:\Fixyou18967F
[2011/07/25 17:14:13 | 000,000,000 | --SD | C] -- C:\Fixyou
[2011/07/15 21:51:00 | 000,000,000 | ---D | C] -- C:\WIP
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/12 11:50:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 11:45:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 11:27:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abbeyfield\Desktop\OTL.exe
[2011/08/11 15:38:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/11 15:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/08/11 15:16:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/11 15:15:43 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\Nujsfzfpfq.job
[2011/08/09 13:38:19 | 000,004,429 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\DrWeb.csv
[2011/08/09 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/08/09 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/08/09 11:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/08/09 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/08/09 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/08/08 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/08/08 21:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/08/08 20:33:34 | 073,800,760 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\drweb-cureit.exe
[2011/08/04 20:30:08 | 004,164,501 | R--- | M] (Swearware) -- C:\Documents and Settings\abbeyfield\Desktop\Commy.exe
[2011/08/04 15:59:08 | 006,615,552 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\abbeyfield\Desktop\AppRemover.exe
[2011/08/03 19:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/08/03 18:57:36 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\abbeyfield\Desktop\aswMBR.exe
[2011/08/03 18:12:01 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp1
[2011/08/03 18:12:01 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp2
[2011/08/03 18:11:58 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp0
[2011/08/03 18:11:58 | 000,000,011 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp4
[2011/08/03 18:11:58 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\abbeyfield\temp3
[2011/08/03 14:56:06 | 000,803,104 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\maxhandle.exe
[2011/08/03 13:28:14 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Desktop\fix.reg
[2011/08/02 21:10:56 | 000,693,498 | ---- | M] () -- C:\Documents and Settings\abbeyfield\rebuilt.maxhandle.rar
[2011/07/31 21:22:23 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/29 17:26:08 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/07/29 17:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/07/29 16:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/07/29 14:27:32 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\eFRY0wSh4.dat
[2011/07/29 14:23:49 | 000,016,672 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 14:23:49 | 000,016,672 | -HS- | M] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:58:33 | 000,012,346 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3708712179
[2011/07/29 13:55:33 | 000,068,096 | RHS- | M] () -- C:\WINDOWS\System32\d3dxofz.dll
[2011/07/29 13:54:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/07/27 09:25:09 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/27 09:24:49 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\abbeyfield\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/25 13:27:51 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 13:09:31 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/09 13:38:19 | 000,004,429 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\DrWeb.csv
[2011/08/08 20:38:05 | 073,800,760 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\drweb-cureit.exe
[2011/08/03 19:16:47 | 000,803,104 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\maxhandle.exe
[2011/08/03 15:00:33 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp1
[2011/08/03 15:00:33 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp2
[2011/08/03 15:00:30 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp0
[2011/08/03 15:00:30 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp4
[2011/08/03 15:00:30 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\abbeyfield\temp3
[2011/08/03 13:38:30 | 000,210,717 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\Handle.zip
[2011/08/03 13:37:09 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Desktop\fix.reg
[2011/08/02 21:10:55 | 000,693,498 | ---- | C] () -- C:\Documents and Settings\abbeyfield\rebuilt.maxhandle.rar
[2011/07/29 14:26:46 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\eFRY0wSh4.dat
[2011/07/29 13:56:59 | 000,016,672 | -HS- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:56:59 | 000,012,346 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3708712179
[2011/07/29 13:55:34 | 000,000,314 | -HS- | C] () -- C:\WINDOWS\tasks\Nujsfzfpfq.job
[2011/07/29 13:55:33 | 000,068,096 | RHS- | C] () -- C:\WINDOWS\System32\d3dxofz.dll
[2011/07/29 13:55:29 | 000,016,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:55:29 | 000,016,024 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/07/29 13:54:25 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/07/15 21:24:59 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\c_90114.nl_
[2011/07/13 11:49:50 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xucneurc.sys
[2011/07/13 10:15:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/13 10:15:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/13 10:15:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/13 10:15:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/13 10:15:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/12 20:44:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\irnfrnvp.sys
[2011/07/12 20:20:53 | 000,004,407 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\CB6A.565
[2011/06/26 17:56:14 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cssfx.sys
[2011/06/23 16:45:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\punvj0rj43t4v6
[2011/06/23 13:34:19 | 000,005,932 | -HS- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\punvj0rj43t4v6
[2011/03/07 15:45:23 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/10/04 11:02:41 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/10/04 11:02:14 | 000,011,650 | -H-- | C] () -- C:\Documents and Settings\abbeyfield\Application Data\SmarThruOptions.xml
[2010/10/04 11:01:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2010/10/04 11:01:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2010/10/04 10:59:20 | 000,113,768 | R--- | C] () -- C:\WINDOWS\Wiainst.exe
[2010/10/04 10:54:05 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010/10/04 10:53:25 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010/10/04 10:53:25 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010/10/04 10:53:24 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010/10/04 10:53:24 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010/10/04 10:53:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010/05/18 12:52:23 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 22:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 22:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 22:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/10 12:14:25 | 000,117,469 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/30 16:16:38 | 000,069,063 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/04/30 16:16:37 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/04/09 12:26:07 | 001,821,566 | ---- | C] () -- C:\Program Files\FSCaptureSetup65.exe
[2010/03/17 16:11:48 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\abbeyfield\Local Settings\Application Data\fusioncache.dat
[2010/03/17 15:25:08 | 000,110,436 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/03/17 15:25:07 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/03/09 12:45:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/23 13:38:13 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/26 13:51:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\ENABLING.INI
[2008/11/24 17:34:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2008/11/24 16:42:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/24 16:35:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/24 16:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/24 16:04:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,444,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,072,660 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/12 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Arqiok
[2011/07/12 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\AVG9
[2011/03/07 15:46:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\BabylonToolbar
[2009/02/23 17:44:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\ICAClient
[2011/07/12 20:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Ilyfe
[2010/11/09 12:41:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Leadertech
[2010/03/09 13:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\MSNInstaller
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Omem
[2010/09/02 13:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Participatory Culture Foundation
[2011/03/24 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\PCF-VLC
[2011/07/25 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Shareaza
[2010/10/04 11:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\SmarThru4
[2011/07/29 16:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Spotify
[2011/04/18 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abbeyfield\Application Data\Xuezus
[2011/07/13 10:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/04 12:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bIi06511gCdCp06511
[2011/03/15 12:07:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/29 13:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dC00000NgAeB00000
[2011/06/23 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/31 21:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/08/09 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/08/09 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/08/09 11:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/08/09 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/08/09 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/08/11 15:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/07/29 16:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/07/29 17:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/08/03 19:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/08/08 21:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/08/08 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/07/29 13:54:26 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/08/11 15:15:43 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Nujsfzfpfq.job
[2011/08/11 15:16:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Pictures:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\abbeyfield\My Documents\My Albums:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Adele 21:Shareaza.GUID

< End of report >

Re: Google Redirect Virus

OTL Extras logfile created on: 12/08/2011 11:51:22 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\abbeyfield\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.36 Mb Total Physical Memory | 684.38 Mb Available Physical Memory | 67.40% Memory free
2.40 Gb Paging File | 2.20 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 31.97 Gb Free Space | 57.30% Space Free | Partition Type: NTFS

Computer Name: ABEXL0002 | User Name: abbeyfield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\gnp.exe" -a "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temporary Internet Files\Content.IE5\9IU4HVG9\PDFConverterSetup[1].exe:*:Enabled:InstallCore™
"C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe" = C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe:*:Disabled:Samsung Printer Connector -- (Samsung Printer)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprbUpdate.exe:*:Disabled:Hewlett-Packard Product Assistant -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe:*:Disabled:Logitech Updater -- (Logitech, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Citrix\ICA Client\wfica32.exe" = C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix Client Engine -- (Citrix Systems, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Disabled:mcci+McciBrowser -- (Alcatel-Lucent)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java(TM) Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Enabled:Adobe Reader and Acrobat Manager
"C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Disabled:mcci+McciTrayApp
"C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Disabled:Apple Software Update -- (Apple Inc.)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" = C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:Java(TM) Update Scheduler
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" = C:\Program Files\LANDesk\LDClient\LDISCN32.EXE:*:Enabled:Inventory Scanner for Windows
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.7029722626396282.exe:*:Enabled:0.7029722626396282
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\0.15735610579295667.exe:*:Enabled:0.15735610579295667
"C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe" = C:\Documents and Settings\abbeyfield\Application Data\Adobe\plugs\mmc102.exe:*:Disabled:mmc102.exe
"C:\Documents and Settings\abbeyfield\Application Data\dwm.exe" = C:\Documents and Settings\abbeyfield\Application Data\dwm.exe:*:Disabled:dwm
"C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe" = C:\Documents and Settings\abbeyfield\Local Settings\Temp\csrss.exe:*:Disabled:csrss
"C:\ComboFix\ComboFix-Download.cfxxe" = C:\ComboFix\ComboFix-Download.cfxxe:*:Enabled:ComboFix-Download
"C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe" = C:\Documents and Settings\abbeyfield\Desktop\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"BTBusinessHub" = BTBusinessHub
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 6.6
"GoToAssist" = GoToAssist Corporate
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2011 10:59:10 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:14 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:49 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:03 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:08 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:11 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:36 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a6f118.

Error - 11/08/2011 11:07:01 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 11/08/2011 11:17:42 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 12/08/2011 06:50:51 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

[ Application Events ]
Error - 04/08/2011 10:59:10 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:14 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 10:59:49 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:03 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:08 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:11 | Computer Name = ABEXL0002 | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 04/08/2011 11:01:36 | Computer Name = ABEXL0002 | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00a6f118.

Error - 11/08/2011 11:07:01 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 11/08/2011 11:17:42 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

Error - 12/08/2011 06:50:51 | Computer Name = ABEXL0002 | Source = SENS | ID = 0
Description =

[ OSession Events ]
Error - 16/08/2010 11:53:19 | Computer Name = ABEXL0002 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/08/2011 06:54:01 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:01 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:06 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:06 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:07 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:07 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2

Error - 12/08/2011 06:54:12 | Computer Name = ABEXL0002 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%2


< End of report >

Re: Google Redirect Virus

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :processes
    killallprocesses

    :OTL
    O4 - HKLM..\Run: [3170 Scan2PC] File not found
    O4 - HKLM..\Run: [Adobe ARM] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
    O4 - HKLM..\Run: [ATIPTA] File not found
    O4 - HKLM..\Run: [btbb_McciTrayApp] File not found
    O4 - HKLM..\Run: [GrooveMonitor] File not found
    O4 - HKLM..\Run: [IntelAPMClient] File not found
    O4 - HKLM..\Run: [IntelWireless] File not found
    O4 - HKLM..\Run: [IntelZeroConfig] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [LANDeskInventoryClient] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    :Files
    C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb
    C:\Documents and Settings\All Users\Application Data\3708712179
    C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb
    C:\WINDOWS\System32\d3dxofz.dll
    C:\WINDOWS\Tasks\At*.job
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Google Redirect Virus

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3170 Scan2PC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATIPTA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\btbb_McciTrayApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelAPMClient deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelWireless deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelZeroConfig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LANDeskInventoryClient deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\io60w3638q1k8bq277ggn37rb moved successfully.
C:\Documents and Settings\All Users\Application Data\3708712179 moved successfully.
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\io60w3638q1k8bq277ggn37rb moved successfully.
C:\WINDOWS\System32\d3dxofz.dll moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\abbeyfield\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\abbeyfield\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: abbeyfield
->Temp folder emptied: 222624710 bytes
->Temporary Internet Files folder emptied: 69746995 bytes
->Java cache emptied: 724574 bytes
->Flash cache emptied: 150424 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 69612 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3596 bytes
->Temporary Internet Files folder emptied: 6894215 bytes
->Flash cache emptied: 1328 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146594482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 131640378 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3580502 bytes

Total Files Cleaned = 557.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: abbeyfield
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08132011_105522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Google Redirect Virus

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.


  • Please go here then click on: [button image]
  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Re: Google Redirect Virus

When I boot up the PC, each time before I reach my desktop I receive a warning pop-up box with the header:

c:\windows\system32\themeui.dll

There are also several symbols before this. This header changes each time I load up my PC.

I then need to press OK to continue; it then loads my desktop.

Here is the log from the ESET scanner:

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 01:48:55
# local_time=2011-08-15 02:48:55 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31969505 31969505 0 0
# compatibility_mode=8192 67108863 100 0 150 150 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=684
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 01:55:32
# local_time=2011-08-15 02:55:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31970258 31970258 0 0
# compatibility_mode=8192 67108863 100 0 903 903 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=328
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 02:53:32
# local_time=2011-08-15 03:53:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31970877 31970877 0 0
# compatibility_mode=8192 67108863 100 0 1522 1522 0 0
# scanned=22897
# found=17
# cleaned=0
# scan_time=3189
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0001011.com.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008020.exe.vir Win32/TrojanClicker.VB.NMH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008021.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\amclient.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Desktop(2).ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\GrooveMonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ifrmewrk.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Jdp.exe a variant of Win32/Injector.HZU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\LDIScn32.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\rasl2tp.sys.vir Win32/Rootkit.Agent.NUS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\sdclientmonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ZCfgSvc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll a variant of Win32/Sefnit.BN trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 04:25:40
# local_time=2011-08-15 05:25:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31979436 31979436 0 0
# compatibility_mode=8192 67108863 100 0 10081 10081 0 0
# scanned=847
# found=0
# cleaned=0
# scan_time=158
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 04:35:28
# local_time=2011-08-15 05:35:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31979708 31979708 0 0
# compatibility_mode=8192 67108863 100 0 10353 10353 0 0
# scanned=1069
# found=0
# cleaned=0
# scan_time=473
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b819e60df1fed942a6af88da1d29a1be
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-15 05:42:26
# local_time=2011-08-15 06:42:26 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 31980307 31980307 0 0
# compatibility_mode=8192 67108863 100 0 10952 10952 0 0
# scanned=49813
# found=18
# cleaned=0
# scan_time=3892
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0001011.com.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008020.exe.vir Win32/TrojanClicker.VB.NMH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\A0008021.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\amclient.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Desktop(2).ini.vir a variant of Win32/Sirefef.CH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\GrooveMonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ifrmewrk.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Jdp.exe a variant of Win32/Injector.HZU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\LDIScn32.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\qttask.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\rasl2tp.sys.vir Win32/Rootkit.Agent.NUS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\Scan2pc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\sdclientmonitor.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\DoctorWeb\Quarantine\ZCfgSvc.exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll a variant of Win32/Sefnit.BN trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Sefnit.BN trojan 00000000000000000000000000000000 I
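One way to read a log like the one above before writing a fix is to split the 18 hits by where they live: sixteen are already sitting in Dr.Web's quarantine folder (`DoctorWeb\Quarantine`, harmless until restored), one is an in-memory detection, and one is a file still present on disk, which is the single path the next reply targets. The Python script below is an added example and is not part of this thread nor of ESET's or OTL's own tooling; it parses the ESET Online Scanner line format shown above, classifies each object, and renders the `:Files` section of an OTL custom fix in the syntax the helper uses. The sample lines are copied from the log above; that ESET separates fields with tabs, that `${...}` marks a memory object, and that any path under a `\Quarantine\` folder is already contained are assumptions made for the example.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: five lines taken from the ESET Online Scanner log above.
# ESET writes tab-separated fields (assumption); the forum rendering collapsed
# them to spaces, so one line is kept space-separated to show both are accepted.
SAMPLE_LOG = """# scanned=49813
# found=18
# cleaned=0
C:\\Documents and Settings\\abbeyfield\\DoctorWeb\\Quarantine\\A0008020.exe.vir\tWin32/TrojanClicker.VB.NMH trojan (unable to clean)\t00000000000000000000000000000000\tI
C:\\Documents and Settings\\abbeyfield\\DoctorWeb\\Quarantine\\qttask .exe.vir a variant of Win32/Kryptik.QLX trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Documents and Settings\\abbeyfield\\DoctorWeb\\Quarantine\\rasl2tp.sys.vir\tWin32/Rootkit.Agent.NUS trojan (unable to clean)\t00000000000000000000000000000000\tI
C:\\Documents and Settings\\abbeyfield\\Local Settings\\Application Data\\AsyncCommsAgent\\acxcfg90.dll\ta variant of Win32/Sefnit.BN trojan (unable to clean)\t00000000000000000000000000000000\tI
${Memory}\ta variant of Win32/Sefnit.BN trojan\t00000000000000000000000000000000\tI
"""

# <object> <threat text> <32-hex hash> <flag>. The object may contain spaces
# (even "qttask .exe.vir"), so it is matched non-greedily and the threat text is
# anchored on the first "Family/Name" token, optionally prefixed by "a variant of".
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S)$"
)
FAMILY_RE = re.compile(r"[A-Za-z0-9]+/[A-Za-z0-9.]+")


@dataclass
class Detection:
    obj: str
    threat: str
    family: str
    unable_to_clean: bool
    location: str  # "quarantine", "memory" or "live"


def classify(obj: str) -> str:
    """Where the detected object lives (heuristic, see lead-in)."""
    if obj.startswith("${"):
        return "memory"
    if "\\quarantine\\" in obj.lower():
        return "quarantine"
    return "live"


def parse_eset_log(text: str) -> list[Detection]:
    """Parse detection lines; '#' header lines and anything unrecognised are skipped."""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        threat = m.group("threat")
        family = FAMILY_RE.search(threat).group(0)
        found.append(Detection(
            obj=m.group("obj"),
            threat=threat,
            family=family,
            unable_to_clean="(unable to clean)" in threat,
            location=classify(m.group("obj")),
        ))
    return found


def triage(dets: list[Detection]) -> dict:
    """Group detections so the reader sees what still needs action."""
    return {
        "families": Counter(d.family for d in dets),
        "quarantined": [d.obj for d in dets if d.location == "quarantine"],
        "memory": [d.family for d in dets if d.location == "memory"],
        "live": [d.obj for d in dets if d.location == "live"],
    }


def build_otl_fix(live_paths: list[str]) -> str:
    """Render an OTL custom fix in the layout used in the thread (assumed syntax;
    OTL's own processing of the script is not modelled here)."""
    lines = [":processes", "killallprocesses", "", ":OTL", "",
             ":Files", *live_paths, "", ":Commands", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(parse_eset_log(SAMPLE_LOG))
    print("families:", dict(result["families"]))
    print("already quarantined:", len(result["quarantined"]))
    print("in memory only:", result["memory"])
    print("still live on disk:", result["live"])
    print(build_otl_fix(result["live"]))
```

Run it and the only path that lands in the `:Files` block is the `acxcfg90.dll` under `AsyncCommsAgent`, matching the fix in the next reply; the memory-only Sefnit hit has no file to move, which is why the fix ends with a reboot rather than another path.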




Re: Google Redirect Virus

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    Code:

    :processes
    killallprocesses

    :OTL

    :Files
    C:\Documents and Settings\abbeyfield\Local Settings\Application Data\AsyncCommsAgent\acxcfg90.dll

    :Commands
    [Reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next


Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
