Redirect and new tab pop-ups

Redirect and new tab pop-ups24th November 2010, 7:32 pm

95% of the time I try to click on a google search link I get redirected to random search engines. I can search ok on google but have to copy & paste the links to open them. I am also having random new tabs opening a lot for everything from hemp products to at home law courses. I don't know if these are connected or not but they both started around the same time, pretty much right after I got rid of the thinkpoint virus. I have antivira and have also ran malwarebytes scans, they came up with a few different rootkit.TDSS files but it is still not fixed. Thanks.

Re: Redirect and new tab pop-ups24th November 2010, 10:59 pm

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Re: Redirect and new tab pop-ups24th November 2010, 11:55 pm

OTL Extras logfile created on: 11/24/2010 6:44:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 116.10 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: MOMCOMP1 | User Name: daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58191:TCP" = 58191:TCP:*:Enabled:Pando Media Booster
"58191:UDP" = 58191:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:blizzard downloader
"6112:TCP" = 6112:TCP:*:Enabled:blizzard downloader
"6881:TCP" = 6881:TCP:*:Enabled:blizzard downloader
"1119:TCP" = 1119:TCP:*:Enabled:blizzard downloader
"58191:TCP" = 58191:TCP:*:Enabled:Pando Media Booster
"58191:UDP" = 58191:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{11FBBEEE-4F17-D27F-299E-73C3F823D9D7}" = Catalyst Control Center Graphics Previews Common
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7B8AFF-0E53-8F7A-9134-C4BBE25E295A}" = ccc-utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 18
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3956DD06-7A44-C9E6-EEF4-F56C507485FB}" = ccc-core-static
"{39DAAC18-49A1-1E67-5286-F142A7D2332E}" = Catalyst Control Center Graphics Full Existing
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D8CC168-A12E-422D-A3DF-53AD64E4F1ED}" = RPS CRT
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B619ED4-492F-4AD2-BCA7-563AFC938B0F}" = AMD CPUInfo
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{721FEDC0-456E-3E8B-C4AF-3C3DC8196DB4}" = ccc-core-preinstall
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AABF28C-E8DC-9859-D016-FCEED1183753}" = Catalyst Control Center Core Implementation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F9C75FD-4057-C67F-54DD-84F00CEEC07A}" = Skins
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89BC7626-A4B4-0466-1624-B3D44DB47B8B}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD704325-6572-7653-B5B2-08FD243E5D46}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6111BDE-3D23-403E-96BD-3CE416101B16}" = Diskeeper Professional Edition
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5D720C6-67A3-DD48-30E0-7B5EAE4DDA13}" = Catalyst Control Center Graphics Full New
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"Foxit Reader" = Foxit Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pixel Mine Launcher_is1" = Pixel Mine Launcher 1.00
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2010 3:03:34 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/24/2010 3:03:43 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 11/24/2010 4:58:48 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/24/2010 4:58:58 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

[ System Events ]
Error - 11/24/2010 6:43:03 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 6:43:03 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 6:54:13 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 6:54:13 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 6:54:14 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:04 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:05 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

< End of report >

Re: Redirect and new tab pop-ups24th November 2010, 11:59 pm

OTL logfile created on: 11/24/2010 6:44:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 116.10 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: MOMCOMP1 | User Name: daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
PRC - [2010/11/13 10:53:21 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/03 14:34:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 14:34:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 14:34:51 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 00:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/04/16 17:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/12/06 07:09:30 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/07 14:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/02/19 05:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2002/04/16 18:11:28 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/03 14:34:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 14:34:51 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/28 09:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/06/07 14:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010/11/24 08:40:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/03 14:34:51 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/04/28 09:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/16 13:42:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/16 13:41:54 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/11 14:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 12:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/02 00:52:04 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/30 21:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/26 13:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/07/12 05:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/04/16 23:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/06/07 16:15:30 | 000,029,696 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdTools.sys -- (amdtools)
DRV - [2006/03/13 09:50:06 | 000,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 09:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/08 06:02:50 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\daddy\Local Settings\Temp\adxapie.sys -- (adxapie)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/13 14:32:19 | 000,000,000 | ---D | M]

Re: Redirect and new tab pop-ups25th November 2010, 12:04 am

sorry I'm having prob;ems posting the rest, will keep trying

Re: Redirect and new tab pop-ups25th November 2010, 12:08 am

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GlobeCom_Full_Client_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\daddy\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

Re: Redirect and new tab pop-ups25th November 2010, 12:18 am

still trying...keeps saying internet explorer can't open website when I hit send but watch...this'll probably work

Re: Redirect and new tab pop-ups25th November 2010, 12:29 am

I have to put my kids to bed but I'll try to post the rest later, hopefully it works...any advice on why it won't post that but it will post this? I've tried sending smaller amounts and that doesn't seem to work

Re: Redirect and new tab pop-ups25th November 2010, 2:26 am

Can't post the rest...how else can I get it to you or do I have to manually type it all?

Re: Redirect and new tab pop-ups25th November 2010, 3:31 pm

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 14:44:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 18:40:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
[2010/11/24 10:04:53 | 001,912,872 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\daddy\Desktop\HousecallLauncher.exe
[2010/11/23 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/11/17 21:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Identities
[2010/11/13 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Conduit
[2010/11/13 14:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Temp
[2010/11/13 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/13 13:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\My Documents\Vuze Downloads
[2010/11/13 12:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Azureus
[2010/11/13 10:53:28 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/13 10:53:22 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/13 10:53:22 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/13 10:53:22 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/13 10:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/11/13 10:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/11/13 10:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Real
[2010/11/11 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/11 22:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/11 19:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/11 19:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Malwarebytes
[2010/11/11 10:20:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/11 10:20:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 10:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:45:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/24 18:44:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 18:44:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/24 18:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 18:43:03 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/24 18:43:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

Re: Redirect and new tab pop-ups25th November 2010, 3:31 pm

2010/11/24 18:41:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
[2010/11/24 18:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:57:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/24 17:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/24 16:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/24 15:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/24 15:18:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5710E62F-4F38-4158-9F61-7E5EEBF6864D}.job
[2010/11/24 14:50:35 | 000,010,666 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\christmas list.docx
[2010/11/24 14:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/24 13:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/24 12:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/24 11:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/24 10:43:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/24 10:05:02 | 001,912,872 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\daddy\Desktop\HousecallLauncher.exe
[2010/11/24 09:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/24 08:43:05 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/24 08:40:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/23 23:43:06 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/23 22:43:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/23 21:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/23 20:43:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/23 19:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/18 08:24:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/17 22:54:13 | 000,013,158 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\Resume.docx
[2010/11/13 14:25:26 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/13 14:20:39 | 002,018,222 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/11/13 14:20:35 | 000,446,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/13 14:20:35 | 000,073,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/13 13:58:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 10:53:41 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/13 10:53:28 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/13 10:53:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/13 10:53:22 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/13 10:53:22 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/11 23:43:02 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/11 10:21:02 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 10:48:40 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\completescan
[2010/11/05 19:59:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\start
[2010/11/05 19:47:47 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\install
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 14:21:58 | 000,010,377 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\Your VIA Préférence number is.docx
[2010/11/03 14:34:51 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/27 16:44:24 | 000,011,096 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\We have been through a lot in our first 2 years of marriage.docx
[2010/10/25 21:28:54 | 000,010,486 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\JF1983.docx
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 14:49:54 | 000,010,666 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\christmas list.docx
[2010/11/23 19:43:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js
[2010/11/17 22:54:13 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\Resume.docx
[2010/11/13 10:53:56 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/13 10:53:56 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/13 10:53:41 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/11 20:38:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 19:43:02 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/11 10:21:02 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/05 19:59:14 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\start
[2010/11/05 19:58:42 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\completescan
[2010/11/05 19:47:47 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\install
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 14:21:58 | 000,010,377 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\Your VIA Préférence number is.docx
[2010/10/27 16:44:24 | 000,011,096 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\We have been through a lot in our first 2 years of marriage.docx
[2010/08/31 01:18:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\fusioncache.dat
[2010/02/08 04:59:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/18 13:44:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\housecall.guid.cache
[2009/05/27 14:02:03 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\Smiley.ico
[2009/01/02 18:11:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/16 16:06:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/16 16:06:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/02 12:26:20 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/13 00:26:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/13 00:26:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/13 00:26:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/03 20:36:22 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/05/03 20:36:09 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/11 03:13:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/12/08 06:51:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Re: Redirect and new tab pop-ups25th November 2010, 4:09 pm

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://merlin.telus.net/wizlet/Merlin11/static/controls/MotiveClient.cab (WebBrowserType Class)

Re: Redirect and new tab pop-ups25th November 2010, 4:10 pm

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197145811562 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

Re: Redirect and new tab pop-ups25th November 2010, 4:19 pm

Hi, Ok I'm really sorry this is so messed up. There seems to be 1 line that will not post no matter what I try so I have posted everything else but it's in a bit of a messed up order. I'm going to post in proper order below now that I know what the issue seems to be. Really sorry for all the confusion, I'm not very good with computers and I can't figure out how to delete all the previous posts to clean this up a bit Smile...

Re: Redirect and new tab pop-ups25th November 2010, 4:19 pm

OTL logfile created on: 11/24/2010 6:44:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 116.10 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: MOMCOMP1 | User Name: daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
PRC - [2010/11/13 10:53:21 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/03 14:34:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 14:34:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/03 14:34:51 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 00:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/04/16 17:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/12/06 07:09:30 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/06/07 14:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/02/19 05:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2002/04/16 18:11:28 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

========== Modules (SafeList) ==========

MOD - [2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/03 14:34:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 14:34:51 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/28 09:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/06/07 14:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010/11/24 08:40:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/03 14:34:51 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/04/28 09:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/10/16 13:42:08 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/16 13:41:54 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/05/11 14:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 12:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/02 00:52:04 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/30 21:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/26 13:20:40 | 004,124,352 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/07/12 05:49:16 | 000,096,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/04/16 23:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/06/07 16:15:30 | 000,029,696 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdTools.sys -- (amdtools)
DRV - [2006/03/13 09:50:06 | 000,087,824 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM)
DRV - [2006/03/13 09:49:54 | 000,060,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus) Sony Ericsson W300 Driver driver (WDM)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/08 06:02:50 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\daddy\Local Settings\Temp\adxapie.sys -- (adxapie)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/13 14:32:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GlobeCom_Full_Client_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Documents and Settings\daddy\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

Re: Redirect and new tab pop-ups25th November 2010, 4:20 pm

MISSING LINE GOES HERE

Re: Redirect and new tab pop-ups25th November 2010, 4:21 pm

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197145811562 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://merlin.telus.net/wizlet/Merlin11/static/controls/MotiveClient.cab (WebBrowserType Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 14:44:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 18:40:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
[2010/11/24 10:04:53 | 001,912,872 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\daddy\Desktop\HousecallLauncher.exe
[2010/11/23 16:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/11/17 21:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Identities
[2010/11/13 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Conduit
[2010/11/13 14:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Local Settings\Application Data\Temp
[2010/11/13 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/13 13:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\My Documents\Vuze Downloads
[2010/11/13 12:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Azureus
[2010/11/13 10:53:28 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/13 10:53:22 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/13 10:53:22 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/13 10:53:22 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/13 10:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/11/13 10:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/11/13 10:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Real
[2010/11/11 22:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/11 22:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/11 19:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/11 19:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/11 10:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daddy\Application Data\Malwarebytes
[2010/11/11 10:20:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/11 10:20:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/11 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 10:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:45:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/24 18:44:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 18:44:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/24 18:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 18:43:03 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/24 18:43:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/24 18:41:11 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/24 18:40:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daddy\Desktop\OTL.exe
[2010/11/24 18:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:57:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/24 17:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/24 16:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/24 15:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/24 15:18:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5710E62F-4F38-4158-9F61-7E5EEBF6864D}.job
[2010/11/24 14:50:35 | 000,010,666 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\christmas list.docx
[2010/11/24 14:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/24 13:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/24 12:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/24 11:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/24 10:43:13 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/24 10:05:02 | 001,912,872 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\daddy\Desktop\HousecallLauncher.exe
[2010/11/24 09:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/24 08:43:05 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/24 08:40:38 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/23 23:43:06 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/23 22:43:09 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/23 21:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/23 20:43:03 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/23 19:43:02 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/18 08:24:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/17 22:54:13 | 000,013,158 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\Resume.docx
[2010/11/13 14:25:26 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/13 14:20:39 | 002,018,222 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/11/13 14:20:35 | 000,446,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/13 14:20:35 | 000,073,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/13 13:58:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 10:53:41 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/13 10:53:28 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/11/13 10:53:22 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/13 10:53:22 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/11/13 10:53:22 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/11/11 23:43:02 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/11 10:21:02 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/07 10:48:40 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\completescan
[2010/11/05 19:59:14 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\start
[2010/11/05 19:47:47 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daddy\Application Data\install
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 19:41:51 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 14:21:58 | 000,010,377 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\Your VIA Préférence number is.docx
[2010/11/03 14:34:51 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/27 16:44:24 | 000,011,096 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\We have been through a lot in our first 2 years of marriage.docx
[2010/10/25 21:28:54 | 000,010,486 | ---- | M] () -- C:\Documents and Settings\daddy\My Documents\JF1983.docx
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 14:49:54 | 000,010,666 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\christmas list.docx
[2010/11/23 19:43:02 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js
[2010/11/17 22:54:13 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\Resume.docx
[2010/11/13 10:53:56 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/13 10:53:56 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
[2010/11/13 10:53:41 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/11/11 20:38:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 19:43:02 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/11 10:21:02 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/05 19:59:14 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\start
[2010/11/05 19:58:42 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\completescan
[2010/11/05 19:47:47 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\install
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/05 19:41:50 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/05 19:41:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 14:21:58 | 000,010,377 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\Your VIA Préférence number is.docx
[2010/10/27 16:44:24 | 000,011,096 | ---- | C] () -- C:\Documents and Settings\daddy\My Documents\We have been through a lot in our first 2 years of marriage.docx
[2010/08/31 01:18:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\fusioncache.dat
[2010/02/08 04:59:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/18 13:44:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\housecall.guid.cache
[2009/05/27 14:02:03 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\daddy\Application Data\Smiley.ico
[2009/01/02 18:11:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/07/16 16:06:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/16 16:06:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/02 12:26:20 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/13 00:26:38 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/13 00:26:38 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/13 00:26:38 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/05/03 20:36:22 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/05/03 20:36:09 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/11 03:13:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/12/08 06:51:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Re: Redirect and new tab pop-ups25th November 2010, 4:22 pm

OTL Extras logfile created on: 11/24/2010 6:44:57 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 116.10 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: MOMCOMP1 | User Name: daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58191:TCP" = 58191:TCP:*:Enabled:Pando Media Booster
"58191:UDP" = 58191:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:blizzard downloader
"6112:TCP" = 6112:TCP:*:Enabled:blizzard downloader
"6881:TCP" = 6881:TCP:*:Enabled:blizzard downloader
"1119:TCP" = 1119:TCP:*:Enabled:blizzard downloader
"58191:TCP" = 58191:TCP:*:Enabled:Pando Media Booster
"58191:UDP" = 58191:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{11FBBEEE-4F17-D27F-299E-73C3F823D9D7}" = Catalyst Control Center Graphics Previews Common
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7B8AFF-0E53-8F7A-9134-C4BBE25E295A}" = ccc-utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 18
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3956DD06-7A44-C9E6-EEF4-F56C507485FB}" = ccc-core-static
"{39DAAC18-49A1-1E67-5286-F142A7D2332E}" = Catalyst Control Center Graphics Full Existing
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D8CC168-A12E-422D-A3DF-53AD64E4F1ED}" = RPS CRT
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B619ED4-492F-4AD2-BCA7-563AFC938B0F}" = AMD CPUInfo
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{721FEDC0-456E-3E8B-C4AF-3C3DC8196DB4}" = ccc-core-preinstall
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AABF28C-E8DC-9859-D016-FCEED1183753}" = Catalyst Control Center Core Implementation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F9C75FD-4057-C67F-54DD-84F00CEEC07A}" = Skins
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{89BC7626-A4B4-0466-1624-B3D44DB47B8B}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD704325-6572-7653-B5B2-08FD243E5D46}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6111BDE-3D23-403E-96BD-3CE416101B16}" = Diskeeper Professional Edition
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5D720C6-67A3-DD48-30E0-7B5EAE4DDA13}" = Catalyst Control Center Graphics Full New
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"Foxit Reader" = Foxit Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pixel Mine Launcher_is1" = Pixel Mine Launcher 1.00
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2010 3:03:34 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/24/2010 3:03:43 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 11/24/2010 4:58:48 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/24/2010 4:58:58 PM | Computer Name = MOMCOMP1 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

[ System Events ]
Error - 11/24/2010 6:43:03 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 6:43:03 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 6:54:13 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 6:54:13 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 6:54:14 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%5

Error - 11/24/2010 7:43:02 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:04 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

Error - 11/24/2010 7:43:05 PM | Computer Name = MOMCOMP1 | Source = Rasman | ID = 20035
Description = Remote Access Connection Manager failed to start because it could
not create buffers. Restart the computer. Access is denied.

< End of report >

Re: Redirect and new tab pop-ups25th November 2010, 4:27 pm

The missing line is the exact same as the one following it (beginning of post #17) except that it says wuweb not muweb and WuWebControlClass not MuWebControlClass and the numbers are different, they are;
{6414512B-B978-451D-A0D8-FCFDF33E833C}
1197145755156

Re: Redirect and new tab pop-ups26th November 2010, 12:59 am

Hello.

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Re: Redirect and new tab pop-ups26th November 2010, 1:50 am

ComboFix 10-11-25.01 - daddy 11/25/2010 20:40:11.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1407 [GMT -5:00]
Running from: c:\documents and settings\daddy\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
c:\documents and settings\daddy\Application Data\completescan
c:\documents and settings\daddy\Application Data\install
c:\documents and settings\daddy\Local Settings\Temporary Internet Files\temp.cab
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2010-11-18 02:26 . 2010-11-18 02:26 -------- d-----w- c:\documents and settings\daddy\Local Settings\Application Data\Identities
2010-11-13 20:02 . 2010-11-13 20:02 -------- d-----w- c:\documents and settings\daddy\Local Settings\Application Data\Conduit
2010-11-11 15:21 . 2010-11-11 15:21 -------- d-----w- c:\documents and settings\daddy\Application Data\Malwarebytes
2010-11-11 15:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 15:20 . 2010-11-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 15:20 . 2010-11-11 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-11 15:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 15:14 . 2010-11-11 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-08 16:26 . 2010-11-08 16:26 -------- d-----w- c:\documents and settings\Guest\Application Data\HpUpdate
2010-11-06 18:39 . 2010-11-06 18:39 -------- d-----w- c:\documents and settings\Guest\Application Data\Avira
2010-11-06 18:34 . 2010-11-06 18:34 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 13:40 . 2010-08-26 17:51 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 15:53 . 2007-12-08 22:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-03 19:34 . 2010-08-26 17:51 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-18 19:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

c:\windows\System32\spoolsv.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-13 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\daddy\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-2 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader
"6881:TCP"= 6881:TCP:blizzard downloader
"1119:TCP"= 1119:TCP:blizzard downloader
"58191:TCP"= 58191:TCP:Pando Media Booster
"58191:UDP"= 58191:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/26/2010 12:51 PM 135336]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [12/11/2007 3:11 AM 29696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:56 AM 135664]
S3 adxapie;adxapie;\??\c:\docume~1\daddy\LOCALS~1\Temp\adxapie.sys --> c:\docume~1\daddy\LOCALS~1\Temp\adxapie.sys [?]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [5/21/2008 2:54 PM 87824]
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:56]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:56]

2010-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-11-25 c:\windows\Tasks\User_Feed_Synchronization-{5710E62F-4F38-4158-9F61-7E5EEBF6864D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/MotiveClient.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-GlobeCom_Full_Client_McciTrayApp - c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-Foxit Reader - c:\program files\Foxit Software\Foxit Reader\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-25 20:48:27
ComboFix-quarantined-files.txt 2010-11-26 01:48

Pre-Run: 125,515,666,944 bytes free
Post-Run: 126,659,879,936 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 79D168398013E0A29C7422B88548FB29

Re: Redirect and new tab pop-ups27th November 2010, 1:03 am

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
KILLALL:: Driver:: adxapie FCopy:: c:\windows\$NtUninstallKB896423$\spoolsv.exe | c:\windows\System32\spoolsv.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Re: Redirect and new tab pop-ups27th November 2010, 3:34 am

ComboFix 10-11-26.04 - daddy 11/26/2010 22:21:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1461 [GMT -5:00]
Running from: c:\documents and settings\daddy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\daddy\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtUninstallKB896423$\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADXAPIE
-------\Service_adxapie

((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 03:21 . 2004-08-04 12:00 57856 -c--a-w- c:\windows\system32\dllcache\spoolsv.exe
2010-11-27 03:21 . 2004-08-04 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-24 13:40 . 2010-11-24 13:40 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2010-11-18 02:26 . 2010-11-18 02:26 -------- d-----w- c:\documents and settings\daddy\Local Settings\Application Data\Identities
2010-11-13 20:02 . 2010-11-13 20:02 -------- d-----w- c:\documents and settings\daddy\Local Settings\Application Data\Conduit
2010-11-11 15:21 . 2010-11-11 15:21 -------- d-----w- c:\documents and settings\daddy\Application Data\Malwarebytes
2010-11-11 15:20 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 15:20 . 2010-11-11 15:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 15:20 . 2010-11-11 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-11 15:20 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 15:14 . 2010-11-11 15:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-08 16:26 . 2010-11-08 16:26 -------- d-----w- c:\documents and settings\Guest\Application Data\HpUpdate
2010-11-06 18:39 . 2010-11-06 18:39 -------- d-----w- c:\documents and settings\Guest\Application Data\Avira
2010-11-06 18:34 . 2010-11-06 18:34 -------- d-sh--w- c:\documents and settings\Guest\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 13:40 . 2010-08-26 17:51 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 15:53 . 2007-12-08 22:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-03 19:34 . 2010-08-26 17:51 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-18 19:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-13 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\daddy\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-2 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader
"6881:TCP"= 6881:TCP:blizzard downloader
"1119:TCP"= 1119:TCP:blizzard downloader
"58191:TCP"= 58191:TCP:Pando Media Booster
"58191:UDP"= 58191:UDP:Pando Media Booster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/26/2010 12:51 PM 135336]
R3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [12/11/2007 3:11 AM 29696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 11:56 AM 135664]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [5/21/2008 2:54 PM 87824]
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:56]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:56]

2010-11-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1993962763-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1993962763-839522115-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{5710E62F-4F38-4158-9F61-7E5EEBF6864D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://merlin.telus.net/wizlet/Merlin11/static/controls/MotiveClient.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2380)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-11-26 22:31:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-27 03:31
ComboFix2.txt 2010-11-26 01:48

Pre-Run: 126,657,276,928 bytes free
Post-Run: 126,540,901,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8A6DFA7D97722F15F707C364AC50CCFA

Re: Redirect and new tab pop-ups28th November 2010, 1:00 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Re: Redirect and new tab pop-ups28th November 2010, 2:07 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4db23a1e4ce1584eb11060ea857c7d33
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-28 01:53:28
# local_time=2010-11-27 08:53:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 0 49046888 233288 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63787
# found=0
# cleaned=0
# scan_time=1432

Re: Redirect and new tab pop-ups29th November 2010, 12:28 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Updating Java:

Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
Click the "Download JRE" button to the right.
In the Window that opens, select your platform, check the "agree" box, and click Continue.
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

How is the machine running now?

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Re: Redirect and new tab pop-ups29th November 2010, 2:04 am

Much better! Thank you so much, you are awesome! I am broke as hell right now (single mom at christmas time) but if I happen to have any spare $ in the future I will for sure make a donation! Thanks again!!!

Re: Redirect and new tab pop-ups29th November 2010, 10:06 pm

Hello.
Not a problem.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Redirect and new tab pop-ups DXwU4

Redirect and new tab pop-ups

descriptionRedirect and new tab pop-ups24th November 2010, 7:32 pm

descriptionRe: Redirect and new tab pop-ups24th November 2010, 10:59 pm

descriptionRe: Redirect and new tab pop-ups24th November 2010, 11:55 pm

descriptionRe: Redirect and new tab pop-ups24th November 2010, 11:59 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 12:04 am

descriptionRe: Redirect and new tab pop-ups25th November 2010, 12:08 am

descriptionRe: Redirect and new tab pop-ups25th November 2010, 12:18 am

descriptionRe: Redirect and new tab pop-ups25th November 2010, 12:29 am

descriptionRe: Redirect and new tab pop-ups25th November 2010, 2:26 am

descriptionRe: Redirect and new tab pop-ups25th November 2010, 3:31 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 3:31 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:09 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:10 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:19 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:19 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:20 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:21 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:22 pm

descriptionRe: Redirect and new tab pop-ups25th November 2010, 4:27 pm

descriptionRe: Redirect and new tab pop-ups26th November 2010, 12:59 am

descriptionRe: Redirect and new tab pop-ups26th November 2010, 1:50 am

descriptionRe: Redirect and new tab pop-ups27th November 2010, 1:03 am

descriptionRe: Redirect and new tab pop-ups27th November 2010, 3:34 am

descriptionRe: Redirect and new tab pop-ups28th November 2010, 1:00 am

descriptionRe: Redirect and new tab pop-ups28th November 2010, 2:07 am

descriptionRe: Redirect and new tab pop-ups29th November 2010, 12:28 am

descriptionRe: Redirect and new tab pop-ups29th November 2010, 2:04 am

descriptionRe: Redirect and new tab pop-ups29th November 2010, 10:06 pm

descriptionRe: Redirect and new tab pop-ups