Search results redirect

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Search results redirect20th January 2010, 3:53 am

After doing a google search and clicking on the results I am redirrected to other random search sites. I have updated and ran malwarebytes several times with no fix. Please help.

Re: Search results redirect20th January 2010, 4:04 am

I have downloaded combofix and tried to run but it just locks up and does not run.

Re: Search results redirect20th January 2010, 4:37 am

Since I could not get combofix to run I downloaded hijackthis and ran it. Here is the log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:33:39 PM, on 1/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081211
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229551525438
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98ba8ac7a90d0) (gupdate1c98ba8ac7a90d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\x86\LogMeIn.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10397 bytes

Re: Search results redirect20th January 2010, 7:06 pm

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: Search results redirect20th January 2010, 8:37 pm

OTL logfile created on: 1/20/2010 3:26:16 PM - Run 1
OTL by OldTimer - Version 3.1..25.2 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 67.92 Gb Free Space | 48.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 32K5JC1
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 15:26:01 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL(2).exe
PRC - [2009/12/22 12:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/11 08:20:37 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/01 13:14:42 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/10/01 13:14:13 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/31 09:12:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 09:12:21 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/31 09:12:19 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/31 09:12:13 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 10:13:58 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/26 17:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/11 00:15:42 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe
PRC - [2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/24 18:46:10 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/06/29 21:42:42 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2008/06/29 21:42:14 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 16:25:06 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/02/21 16:24:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/02/21 16:24:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/02/21 16:24:54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/07/27 17:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2005/03/11 14:40:26 | 00,455,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe

========== Modules (SafeList) ==========

MOD - [2010/01/20 15:26:01 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL(2).exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LogMeIn)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/01 13:14:42 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/31 09:12:13 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/24 14:04:31 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/10 12:54:47 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98ba8ac7a90d0) Google Update Service (gupdate1c98ba8ac7a90d0)
SRV - [2009/01/26 17:13:52 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/11 00:12:27 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/26 19:39:38 | 00,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 00:04:44 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/29 21:42:42 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/03/11 14:40:26 | 00,455,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

========== Driver Services (SafeList) ==========

DRV - [2009/10/01 13:14:19 | 00,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/31 09:12:25 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 09:12:25 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/26 08:04:06 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/04/26 08:04:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/01/26 17:13:41 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:13:39 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/26 19:39:48 | 00,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/08/26 19:39:42 | 00,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/24 18:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/07/16 16:32:12 | 00,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 16:32:10 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/16 16:32:00 | 00,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
DRV - [2008/06/29 21:42:26 | 01,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/14 07:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 07:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/17 16:54:30 | 00,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/02/21 19:28:14 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/21 19:06:38 | 05,776,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/21 16:24:52 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/21 16:21:58 | 04,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/26 14:27:00 | 00,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/26 04:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/23 16:05:20 | 00,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 00,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 00,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 00,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 00,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 00,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 00,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 00,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 00,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 00,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 00,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM..SYS -- (DRVNDDM)
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081211
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081211

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4081211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/19 22:13:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/19 22:13:28 | 00,000,000 | ---D | M]

[2010/01/19 22:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2010/01/19 22:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\3v23l81v.default\extensions
[2010/01/19 22:13:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: myspace.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update..microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229551525438 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586..cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\{3d011e80-88e7-11de-817b-002170d3f5b3}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bcasnative32) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 23:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/19 22:55:18 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/19 22:13:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Mozilla
[2010/01/19 22:13:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2010/01/19 22:13:27 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/19 22:01:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/01/19 19:38:01 | 00,000,000 | ---D | C] -- C:\TOP_GEAR_US_SPECIAL
[2010/01/19 12:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ibqtxa
[2010/01/13 06:55:07 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/28 23:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apple Computer
[2009/12/28 23:28:03 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/12/28 23:28:03 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/12/28 23:27:23 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/28 23:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/28 23:27:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/28 23:26:56 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/12/28 23:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/28 23:26:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/28 23:25:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple
[2009/12/28 23:25:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/28 23:25:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/28 23:25:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/28 23:24:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
[2009/10/17 06:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/06/11 07:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2009/02/11 18:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/10 18:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/04/25 16:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 16:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 16:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/25 16:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 15:06:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 14:45:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/20 14:06:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 07:09:42 | 54,376,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/20 07:07:34 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 07:07:34 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 07:07:34 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 07:03:02 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/20 07:02:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 07:02:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 07:02:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 07:02:25 | 32,111,86176 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 23:40:39 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/01/19 23:40:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/01/19 23:33:30 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/01/19 22:13:29 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/19 19:28:00 | 01,094,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\dvdshrink32setup.zip
[2010/01/19 15:03:27 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 08:04:21 | 00,011,399 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Technology Essentials Q 1-15.docx
[2010/01/17 20:23:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/01/15 14:15:24 | 00,000,001 | ---- | M] () -- C:\s
[2010/01/11 17:52:53 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The European.doc
[2010/01/08 18:54:44 | 00,800,768 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ASTKyle.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 18:31:51 | 00,155,136 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Lesson 17 DWH.doc
[2010/01/04 17:16:27 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\User\My Documents\The Silk Road.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/19 23:33:22 | 00,002,439 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HiJackThis.lnk
[2010/01/19 22:13:29 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/19 19:27:50 | 01,094,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\dvdshrink32setup.zip
[2010/01/19 08:04:21 | 00,011,399 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Technology Essentials Q 1-15.docx
[2010/01/15 14:15:24 | 00,000,001 | ---- | C] () -- C:\s
[2010/01/11 17:25:34 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The European.doc
[2010/01/08 15:58:20 | 00,800,768 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ASTKyle.doc
[2010/01/06 17:43:39 | 00,155,136 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Lesson 17 DWH.doc
[2010/01/04 17:08:12 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\User\My Documents\The Silk Road.doc
[2009/02/05 17:46:50 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 01:59:48 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/12/11 01:59:48 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864..dll
[2008/12/11 01:59:48 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/12/11 01:58:45 | 00,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/12/11 00:20:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/12/11 00:13:25 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/11 00:10:23 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/12/11 00:10:22 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 16:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 14:28:04 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
< End of report >

Re: Search results redirect20th January 2010, 9:21 pm

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell - "" = AutoRun
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\{3d011e80-88e7-11de-817b-002170d3f5b3}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
[2010/01/19 12:38:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ibqtxa
[2010/01/15 14:15:24 | 00,000,001 | ---- | M] () -- C:\s
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Search results redirect20th January 2010, 11:27 pm

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d28d420-222d-11de-80bc-002170d3f5b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d28d420-222d-11de-80bc-002170d3f5b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d28d420-222d-11de-80bc-002170d3f5b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d28d420-222d-11de-80bc-002170d3f5b3}\ not found.
File E:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d011e80-88e7-11de-817b-002170d3f5b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d011e80-88e7-11de-817b-002170d3f5b3}\ not found.
File E:\wd_windows_tools\setup.exe not found.
C:\Documents and Settings\User\Local Settings\Application Data\ibqtxa folder moved successfully.
C:\s moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01202010_182658

Re: Search results redirect21st January 2010, 12:04 am

Hello.
Can you post the second log from OTM please?

Re: Search results redirect21st January 2010, 12:25 am

OTL Extras logfile created on: 1/20/2010 3:26:16 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 67.92 Gb Free Space | 48.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 32K5JC1
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\wowd.exe" = C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\wowd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype

3.8
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ATT-PRT22" = ATT-PRT22
"AVG8Uninstall" = AVG 8.5
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner (remove only)
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealVNC_is1" = VNC Free Edition 4.1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2009 1:16:17 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2009 12:07:40 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 7:00:26 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/20/2009 7:00:29 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1564914690.

Error - 12/22/2009 4:12:49 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2009 9:22:11 AM | Computer Name = 32K5JC1 | Source = Google Update | ID = 20
Description =

Error - 12/30/2009 11:27:21 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2009 11:28:16 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2009 11:31:34 PM | Computer Name = 32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2010 6:51:24 PM | Computer Name = 32K5JC1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 1/19/2010 10:55:33 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:55:48 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:55:57 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:56:42 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:56:57 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:57:12 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:57:26 PM | Computer Name = 32K5JC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/19/2010 10:57:42 PM | Computer Name = 32K5JC1 | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD+-RW AD-7640A' (IDE\CdRomOptiarc_DVD+-RW_AD-7640A________________JD06____\4e4347303635433938363638383533423030544d)
disappeared from the system without first being prepared for removal.

Error - 1/19/2010 11:25:19 PM | Computer Name = 32K5JC1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 1/20/2010 12:32:26 AM | Computer Name = 32K5JC1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

< End of report >

Re: Search results redirect21st January 2010, 12:29 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Re: Search results redirect21st January 2010, 1:12 am

I have done the above, what next?

Re: Search results redirect21st January 2010, 1:21 am

How is the machine running now?

Re: Search results redirect21st January 2010, 1:25 am

Still getting search results redirects. For example: I did a search for dog food, get my search results, click on one and end up at juggle.com. Then browse back to search results, click on another search result and end up at lowprices.com??????

Re: Search results redirect21st January 2010, 1:25 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Search results redirect21st January 2010, 1:27 am

Doing combofix now.

Re: Search results redirect21st January 2010, 1:47 am

Combofix will not run. The green status bar gets full but then nothing happens and the machine is locked.

Re: Search results redirect21st January 2010, 11:40 pm

Hello.

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Please try running Combofix from Safe Mode instead.

Re: Search results redirect22nd January 2010, 12:35 am

I am attempting to run combofix in safe mode now.

Re: Search results redirect22nd January 2010, 1:36 am

ComboFix 10-01-21.01 - User 01/21/2010 20:26:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2691 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\iaStor.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-21 00:18 . 2010-01-21 00:18 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogMeIn
2010-01-21 00:18 . 2010-01-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2010-01-21 00:18 . 2009-09-29 00:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-01-21 00:18 . 2009-09-29 00:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-01-21 00:18 . 2009-09-29 00:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-01-21 00:18 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-01-21 00:18 . 2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-01-21 00:18 . 2010-01-21 12:14 -------- d-----w- c:\program files\LogMeIn
2010-01-21 00:12 . 2010-01-21 00:12 1956072 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-20 23:58 . 2010-01-21 00:05 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2010-01-20 23:40 . 2010-01-20 23:40 -------- d-----w- c:\program files\DVD Decrypter
2010-01-20 23:40 . 2010-01-20 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-20 23:40 . 2010-01-20 23:40 -------- d-----w- c:\program files\DVD Shrink
2010-01-20 04:33 . 2010-01-20 04:33 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-20 04:33 . 2010-01-20 04:33 -------- d-----w- c:\program files\TrendMicro
2010-01-20 03:13 . 2010-01-20 03:13 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2010-01-20 00:38 . 2010-01-20 00:43 -------- d-----w- C:\TOP_GEAR_US_SPECIAL
2010-01-13 11:55 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-29 04:28 . 2009-12-29 04:29 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-12-29 04:28 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-29 04:28 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-29 04:27 . 2009-12-29 04:27 -------- d-----w- c:\program files\iPod
2009-12-29 04:27 . 2009-12-29 04:28 -------- d-----w- c:\program files\iTunes
2009-12-29 04:27 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-29 04:26 . 2009-12-29 04:26 -------- d-----w- c:\program files\Bonjour
2009-12-29 04:26 . 2009-12-29 04:26 -------- d-----w- c:\program files\QuickTime
2009-12-29 04:26 . 2009-12-29 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-29 04:25 . 2009-12-29 04:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple
2009-12-29 04:25 . 2009-12-29 04:25 -------- d-----w- c:\program files\Apple Software Update
2009-12-29 04:25 . 2009-12-29 04:27 -------- d-----w- c:\program files\Common Files\Apple
2009-12-29 04:25 . 2009-12-29 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-29 04:24 . 2009-12-29 04:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 18:30 . 2009-02-10 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-15 19:54 . 2009-03-18 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 19:54 . 2009-06-16 15:04 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-13 12:00 . 2008-12-11 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-07 21:07 . 2009-03-18 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-03-18 13:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 18:08 . 2008-12-11 05:15 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 02:33 . 2009-11-15 02:33 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 21:53 . 2008-12-17 22:04 68848 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:46 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2008-12-11 05:10 . 2008-12-11 05:10 76 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-12-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bcasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 23:35 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 06:26 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-02-21 21:21 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-30 02:42 2220032 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 18:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 00:06 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 00:06 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 10:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-07-16 21:32 36864 ----a-w- c:\windows\OEM13Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 20:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 00:06 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21 16855552 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-11 05:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\wowd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/20/2010 7:18 PM 47640]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [12/11/2008 1:59 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/11/2008 1:59 AM 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [12/11/2008 1:59 AM 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [12/11/2008 1:59 AM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [12/11/2008 1:59 AM 235840]
S2 gupdate1c98ba8ac7a90d0;Google Update Service (gupdate1c98ba8ac7a90d0);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 12:54 PM 133104]
S3 BCASPROT;SpyDefy;\??\c:\program files\ByteCrusher\SpyDefy\bcasprot32.sys --> c:\program files\ByteCrusher\SpyDefy\bcasprot32.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-11 19:04]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:54]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 17:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: myspace.com\www
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3v23l81v.default\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-21 20:34:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-22 01:34

Pre-Run: 72,939,307,008 bytes free
Post-Run: 73,016,909,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 469D5E83911DE2253142B405DCAB9B5B

Re: Search results redirect23rd January 2010, 1:55 am

That did it, there should be no more search hijacks now.

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Re: Search results redirect23rd January 2010, 2:29 am

Reinstalled my AVG. Everything seems to be running great now. I will be making a donation. I am also considering joining your academy. Thanks once again for your assistance.

Leo

Re: Search results redirect23rd January 2010, 5:39 pm

What is the correct way to uninstall combofix?

Re: Search results redirect23rd January 2010, 11:29 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Re: Search results redirect23rd January 2010, 11:35 pm

Done. Thanks again for your assistance.

Search results redirect

descriptionSearch results redirect20th January 2010, 3:53 am

descriptionRe: Search results redirect20th January 2010, 4:04 am

descriptionRe: Search results redirect20th January 2010, 4:37 am

descriptionRe: Search results redirect20th January 2010, 7:06 pm

descriptionRe: Search results redirect20th January 2010, 8:37 pm

descriptionRe: Search results redirect20th January 2010, 9:21 pm

descriptionRe: Search results redirect20th January 2010, 11:27 pm

descriptionRe: Search results redirect21st January 2010, 12:04 am

descriptionRe: Search results redirect21st January 2010, 12:25 am

descriptionRe: Search results redirect21st January 2010, 12:29 am

descriptionRe: Search results redirect21st January 2010, 1:12 am

descriptionRe: Search results redirect21st January 2010, 1:21 am

descriptionRe: Search results redirect21st January 2010, 1:25 am

descriptionRe: Search results redirect21st January 2010, 1:25 am

descriptionRe: Search results redirect21st January 2010, 1:27 am

descriptionRe: Search results redirect21st January 2010, 1:47 am

descriptionRe: Search results redirect21st January 2010, 11:40 pm

descriptionRe: Search results redirect22nd January 2010, 12:35 am

descriptionRe: Search results redirect22nd January 2010, 1:36 am

descriptionRe: Search results redirect23rd January 2010, 1:55 am

descriptionRe: Search results redirect23rd January 2010, 2:29 am

descriptionRe: Search results redirect23rd January 2010, 5:39 pm

descriptionRe: Search results redirect23rd January 2010, 11:29 pm

descriptionRe: Search results redirect23rd January 2010, 11:35 pm

descriptionRe: Search results redirect