GeekPolice

Google links redirect hijack
Hello,

I am also having a Google link redirect problem. I've tried to follow the many posts in this forum hoping I could resolve this issue on my own, but there seem to be numerous presentations of the same problem (hijack). I decided to follow your recommendations and post OTL logs.

Many thanks in advance for your assistance.

OTL.txt

OTL logfile created on: 2011-06-16 10:02:52 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Alain\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,75% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 76,72 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 7,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BUREAU | User Name: Alain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-16 09:57:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Desktop\OTL.exe
PRC - [2011-05-25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Alain\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011-04-14 12:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-12-08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010-12-08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010-11-08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010-03-18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010-01-04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009-12-25 18:29:24 | 000,120,320 | ---- | M] () -- C:\Program Files\Yawcam\Yawcam_Service.exe
PRC - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008-07-13 10:29:16 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-06-15 13:15:00 | 001,336,832 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files\FreeCommander\FreeCommander.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-28 15:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008-01-25 19:02:16 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2007-09-04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007-03-15 13:54:48 | 000,057,344 | ---- | M] (Cepstral, LLC) -- C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
PRC - [2002-12-12 08:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2002-12-12 08:45:00 | 000,028,160 | R--- | M] () -- C:\Program Files\WinFax\WFXSWTCH.exe
PRC - [2000-09-28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2011-06-16 09:57:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Desktop\OTL.exe
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Wu20xoipc)
SRV - [2010-12-08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010-12-08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010-11-08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009-12-25 18:29:24 | 000,120,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Yawcam\Yawcam_Service.exe -- (Yawcam)
SRV - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008-07-13 10:29:16 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007-09-04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007-03-15 13:54:48 | 000,057,344 | ---- | M] (Cepstral, LLC) [Auto | Running] -- C:\Program Files\Cepstral\bin\CepstralLicSrv.exe -- (Cepstral License Server)
SRV - [2000-09-28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2010-12-08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010-07-06 14:52:50 | 000,097,376 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010-06-09 22:39:26 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010-03-18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010-03-18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010-03-18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010-03-18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010-03-18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010-03-18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010-03-18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010-03-18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010-03-18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010-03-18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010-03-18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010-03-18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010-03-18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010-03-18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010-03-18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010-03-18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010-03-18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010-03-18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010-03-18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2009-07-14 23:46:08 | 000,137,088 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2008-10-17 17:38:55 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008-06-27 23:04:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-06-06 16:07:20 | 000,034,128 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008-02-28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008-01-25 20:01:06 | 000,132,096 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008-01-25 20:01:00 | 000,125,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007-09-04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007-05-11 18:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007-05-11 18:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-05-11 18:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006-08-07 12:39:24 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-08-07 12:39:22 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-03-17 06:03:10 | 000,067,712 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005-10-19 03:15:28 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2004-11-02 03:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004-08-12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-05-17 22:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2001-08-17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cyberpresse.ca/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: firefox@zemanta.com:0.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-30 19:05:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-30 19:05:45 | 000,000,000 | ---D | M]

[2008-06-27 16:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Extensions
[2011-05-12 21:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions
[2010-04-27 16:42:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-03-12 18:31:24 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\battlefieldheroespatcher@ea.com
[2011-03-06 11:24:46 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2011-05-12 21:19:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\foxmarks@kei.com
[2011-05-02 08:58:32 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\fr-classique@dictionaries.addons.mozilla.org
[2010-02-13 09:07:41 | 000,000,000 | ---D | M] (Dictionnaire français «Classique») -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010-10-31 13:17:19 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\extensions\vshare@toolbar
[2011-04-30 19:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-06-24 09:22:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-05-02 08:34:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-01 12:58:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y0U7V6P8.DEFAULT\EXTENSIONS\FIREFOX@ZEMANTA.COM.XPI
[2008-12-21 19:53:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-04-14 12:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-01 04:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-01-01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010-01-01 04:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010-01-01 04:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010-01-01 04:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011-06-12 01:43:08 | 000,000,919 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 67.205.118.177 www.google.com
O1 - Hosts: 67.205.118.178 search.yahoo.com
O1 - Hosts: 67.205.118.178 www.bing.com
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {2bd70b5b-d47a-4fb2-93ae-84d4714c25cc} - No CLSID value found.
O2 - BHO: (no name) - {5C86DAAE-E498-4F01-A9CF-73E8198B436E} - No CLSID value found.
O2 - BHO: (no name) - {88D0731A-C460-4B44-AA03-4998ED27F417} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [WFXSwtch] C:\Program Files\WinFax\WFXSWTCH.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Documents and Settings\Alain\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Alain\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Alain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {1163CEEB-7C80-4F41-BD2B-A8653949421F} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\khfDwwvu) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-27 16:19:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c27d22d-6ddb-11e0-a5d6-001a92c91e14}\Shell - "" = AutoRun
O33 - MountPoints2\{2c27d22d-6ddb-11e0-a5d6-001a92c91e14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c27d22d-6ddb-11e0-a5d6-001a92c91e14}\Shell\AutoRun\command - "" = V:\autorun.bat
O33 - MountPoints2\{39c2ff3c-4dd9-11e0-a5c3-001a92c91e14}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2010-08-26 19:34:22 | 000,107,008 | ---- | M] ()
O33 - MountPoints2\{39c2ff3d-4dd9-11e0-a5c3-001a92c91e14}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2010-08-26 19:34:22 | 000,107,008 | ---- | M] ()
O33 - MountPoints2\{39c2ff3e-4dd9-11e0-a5c3-001a92c91e14}\Shell\Open\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2010-08-26 19:34:22 | 000,107,008 | ---- | M] ()
O33 - MountPoints2\{f25a4cad-d1a8-11df-a57f-001a92c91e14}\Shell\play\command - "" = C:\Program Files\VideoLAN\VLC\vlc.exe -- [2010-08-26 19:34:22 | 000,107,008 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011-06-16 09:57:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alain\Desktop\OTL.exe
[2011-06-16 09:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Start Menu\Programs\Revo Uninstaller
[2011-06-12 02:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hL28000EbAoH28000
[2011-06-02 01:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\.yawcam
[2011-06-02 01:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yawcam
[2011-06-02 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Yawcam
[2011-06-01 13:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2011-05-28 02:57:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alain\Recent
[2011-05-28 02:49:09 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011-05-26 21:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2011-05-26 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Start Menu\Programs\MP3Gain
[2011-05-26 21:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alain\Application Data\InfraRecorder
[2011-05-26 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2011-05-26 21:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InfraRecorder
[2010-03-18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010-03-18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-16 09:57:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alain\Desktop\OTL.exe
[2011-06-16 09:50:42 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Alain\Desktop\CKScanner.exe
[2011-06-16 09:37:02 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Alain\Desktop\Revo Uninstaller.lnk
[2011-06-16 09:05:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2052111302-682003330-1003UA.job
[2011-06-16 01:24:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-06-16 01:24:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-06-16 01:24:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-06-16 01:23:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-16 01:05:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2052111302-682003330-1003Core.job
[2011-06-16 00:55:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-14 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2011-06-14 08:36:43 | 000,452,779 | ---- | M] () -- C:\Documents and Settings\Alain\Desktop\SOU571.pdf
[2011-06-14 08:09:20 | 000,431,994 | ---- | M] () -- C:\Documents and Settings\Alain\Desktop\SOU570.pdf
[2011-06-12 20:04:17 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-06-12 20:04:09 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-06-12 19:05:03 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011-06-12 15:15:52 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-12 03:26:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011-06-02 01:27:50 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-06-02 01:22:52 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-05-28 03:55:50 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Alain\Start Menu\Programs\Startup\Dropbox.lnk
[2011-05-28 02:53:07 | 000,001,294 | ---- | M] () -- C:\WINDOWS\RegBootClean.CFG
[2011-05-28 02:51:36 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2011-05-28 01:47:38 | 000,013,564 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011-05-28 01:47:38 | 000,013,564 | -HS- | M] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011-05-26 21:23:59 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2011-05-18 09:31:00 | 003,299,411 | ---- | M] () -- C:\Documents and Settings\Alain\Desktop\E4840_M4A785TD-M_EVO_manual.zip
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-16 09:50:42 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Alain\Desktop\CKScanner.exe
[2011-06-16 09:37:02 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Alain\Desktop\Revo Uninstaller.lnk
[2011-06-16 00:53:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-06-14 08:36:43 | 000,452,779 | ---- | C] () -- C:\Documents and Settings\Alain\Desktop\SOU571.pdf
[2011-06-14 08:09:20 | 000,431,994 | ---- | C] () -- C:\Documents and Settings\Alain\Desktop\SOU570.pdf
[2011-06-02 01:27:50 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-06-02 01:22:52 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2011-05-28 02:51:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011-05-28 02:51:36 | 000,001,294 | ---- | C] () -- C:\WINDOWS\RegBootClean.CFG
[2011-05-28 01:40:40 | 000,013,564 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011-05-28 01:40:40 | 000,013,564 | -HS- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\5bfpmqtq7mu88r0308hhv1b34gi712fxq1rdw0k76s
[2011-05-26 21:23:59 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2011-05-18 09:30:53 | 003,299,411 | ---- | C] () -- C:\Documents and Settings\Alain\Desktop\E4840_M4A785TD-M_EVO_manual.zip
[2010-10-22 19:35:25 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\burnaware.ini
[2010-10-10 21:00:42 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-10-10 21:00:41 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-10-10 21:00:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-10-10 21:00:22 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-10-06 21:31:59 | 002,601,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_moh.exe
[2010-09-06 18:14:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-09-06 18:07:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010-06-25 07:17:19 | 000,087,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-06-07 01:35:15 | 000,000,221 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010-03-18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010-03-18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010-03-18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010-03-18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010-03-18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010-03-18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010-03-18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010-03-18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010-03-18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010-03-18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010-03-18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010-03-18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010-03-18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010-03-18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009-12-21 19:37:26 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2009-07-08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009-07-01 08:16:07 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Alain\Application Data\PnkBstrK.sys
[2009-07-01 08:15:47 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009-01-16 00:45:08 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008-12-25 13:00:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-11 00:43:43 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008-12-11 00:43:43 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008-12-11 00:43:43 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008-12-11 00:43:43 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008-12-11 00:43:43 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008-09-22 00:39:29 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-08-07 21:12:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\fusioncache.dat
[2008-07-26 10:03:36 | 000,000,257 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-07-23 00:07:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008-07-17 22:10:48 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Alain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-07-05 10:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008-06-28 23:58:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008-06-28 23:54:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008-06-28 23:54:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008-06-28 23:54:32 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008-06-27 23:17:21 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-06-27 23:17:15 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008-06-27 23:16:59 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008-06-27 16:51:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-06-27 16:42:44 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008-06-27 16:42:44 | 000,000,400 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008-06-27 16:35:33 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-06-27 16:35:32 | 000,021,673 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-06-27 16:35:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-06-27 16:21:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-06-27 16:18:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-06-27 12:10:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-06-27 12:09:22 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-05-16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008-04-14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007-08-13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007-05-11 17:12:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-03-12 13:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006-12-31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-08-11 14:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2004-08-04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 08:00:00 | 000,442,422 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 08:00:00 | 000,071,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

Re: Google links redirect hijack

Extras.txt

OTL Extras logfile created on: 2011-06-16 10:02:52 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Alain\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,75% Memory free
3,85 Gb Paging File | 3,28 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 76,72 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 7,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BUREAU | User Name: Alain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Sync with Dropbox] -- "C:\Program Files\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" (IIT Guwahati)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Alain\Desktop\utorrent.exe" = C:\Documents and Settings\Alain\Desktop\utorrent.exe:*:Enabled:µTorrent
"C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Alain\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta
"C:\Documents and Settings\Alain\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Alain\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0CA3F0D5-C6C1-4D50-A71D-DCAD2E7F0894}" = Cepstral Linda 4.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}" = SnagIt 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 2.5.0
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6C6B948A-5E6C-4C2C-9ECB-F8251B1F75E4}" = Cepstral Walter 4.2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.6
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_POWERPOINT_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_POWERPOINT_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_POWERPOINT_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_POWERPOINT_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A595C6BC-D961-4BAD-ACB3-BE599870D1A1}" = NextUp-Acapela Elan Laura22 US English Voice
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{C8D6764C-36C7-428F-AE58-4400175A435A}" = AT&T Labs' Natural Voices - Desktop 1.4 Redist
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E651C86D-8B0B-4D71-B2CD-904ADB5E0F80}" = Cepstral William 4.2.0
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1BBACCA-FD4A-4575-BECE-822AA16871ED}" = Downloader Pro
"{F359B3B0-6FA7-4B5F-ABAA-AC5C9A58BED4}" = Cepstral Robin 4.2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF71D2F7-D7DE-4796-B8CE-6F4637E1C229}" = Cepstral Emily 4.2.0
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"BurnAware Free_is1" = BurnAware Free 3.0.7
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"Canon MOV Decoder" = Canon MOV Decoder
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Dropbox Folder Sync" = Dropbox Folder Sync
"EPSON Scanner" = EPSON Scan
"Free Audio Editor" = Free Audio Editor
"FreeCommander_is1" = FreeCommander 2008.06
"HandBrake" = HandBrake 0.9.3
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"HydraIRC" = HydraIRC
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstantInvoice 3_is1" = InstantInvoice 3
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Look@LAN_1.0" = Look@LAN 2.50 Build 35
"LoqTTS-Bernard_is1" = Loquendo TTS: Bernard (French)
"LoqTTS-Juliette_is1" = Loquendo TTS: Juliette (French)
"LoqTTS-Susan_is1" = Loquendo TTS: Susan (American English)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaInfo" = MediaInfo 0.7.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"Mumble" = Mumble and Murmur
"MusicBrainz Picard" = MusicBrainz Picard 0.9.0
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PC Wizard 2008_is1" = PC Wizard 2008.1.85.2
"Photocopier_is1" = Photocopier 3.03
"Picasa 3" = Picasa 3
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.92
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"Steam App 440" = Team Fortress 2
"SumatraPDF" = Sumatra PDF reader
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The KMPlayer" = The KMPlayer (remove only)
"TipCam" = TipCam 2.0
"Tunnelier" = Bitvise Tunnelier 4.35 (remove only)
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"WinCDEmu" = WinCDEmu
"WinFax" = Symantec WinFax PRO

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-10-08 23:26:21 | Computer Name = BUREAU | Source = Application Error | ID = 1000
Description = Faulting application wfxswtch.exe, version 0.0.0.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 2010-11-20 21:50:24 | Computer Name = BUREAU | Source = Application Error | ID = 1000
Description = Faulting application bfheroes.exe, version 0.0.0.0, faulting module
swiffplayer.dll, version 0.0.0.0, fault address 0x0009ccf3.

Error - 2010-11-20 21:53:02 | Computer Name = BUREAU | Source = Application Error | ID = 1000
Description = Faulting application bfheroes.exe, version 0.0.0.0, faulting module
swiffplayer.dll, version 0.0.0.0, fault address 0x0009ccf3.

Error - 2010-11-20 21:53:09 | Computer Name = BUREAU | Source = Application Error | ID = 1001
Description = Fault bucket 2038241958.

Error - 2010-12-04 16:23:32 | Computer Name = BUREAU | Source = Application Error | ID = 1000
Description = Faulting application bfheroes.exe, version 0.0.0.0, faulting module
swiffplayer.dll, version 0.0.0.0, fault address 0x0009ccf1.

Error - 2011-01-26 10:09:34 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Hanging application plugin-container.exe, version 1.9.2.3989, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-02-11 01:17:41 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Hanging application FreeCommander.exe, version 2008.6.0.350, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-04-24 09:23:51 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Hanging application Universal-USB-Installer-1.8.4.2.exe, version 1.8.4.2,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-06-06 09:54:26 | Computer Name = BUREAU | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 2011-06-06 09:54:26 | Computer Name = BUREAU | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 2011-06-12 02:53:50 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2011-06-12 02:53:50 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2011-06-12 02:56:09 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-06-12 02:57:24 | Computer Name = BUREAU | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2011-06-12 02:59:13 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7000
Description = The LMIGuardianSvc service failed to start due to the following error:
%%230

Error - 2011-06-12 02:59:13 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LogMeIn service to connect.

Error - 2011-06-12 03:02:35 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-06-12 03:03:20 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm mozyFilter

Error - 2011-06-12 03:25:12 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2011-06-12 03:26:29 | Computer Name = BUREAU | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

Re: Google links redirect hijack

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [image: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Google links redirect hijack

Hello Belahzur,

Thank you for your assistance.

Here is the log file:

ComboFix 11-06-17.04 - Alain 2011-06-17 20:28:49.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1388 [GMT -4:00]
Running from: c:\documents and settings\Alain\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hL28000EbAoH28000
c:\documents and settings\All Users\Application Data\hL28000EbAoH28000\hL28000EbAoH28000
c:\documents and settings\All Users\Application Data\hL28000EbAoH28000\hL28000EbAoH28000.exe
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-12 06:40 . 2011-06-12 06:40 153088 ----a-w- c:\program files\Mozilla Firefox\342158443239210616.exe
2011-06-02 05:22 . 2011-06-02 05:26 -------- d-----w- c:\documents and settings\Alain\.yawcam
2011-06-02 05:22 . 2011-06-02 05:22 -------- d-----w- c:\program files\Yawcam
2011-05-28 06:51 . 2011-05-28 06:51 102400 ----a-w- c:\windows\RegBootClean.exe
2011-05-28 06:49 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-28 05:54 . 2011-05-28 05:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-27 01:27 . 2011-05-27 01:38 -------- d-----w- c:\program files\MP3Gain
2011-05-27 01:24 . 2011-05-27 01:25 -------- d-----w- c:\documents and settings\Alain\Application Data\InfraRecorder
2011-05-27 01:23 . 2011-05-27 01:23 -------- d-----w- c:\program files\InfraRecorder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 05:24 . 2011-05-13 03:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-13 00:04 . 2008-06-28 03:17 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-13 00:04 . 2009-04-11 12:31 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-13 00:04 . 2008-06-28 03:17 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-12 23:05 . 2008-06-28 03:17 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-29 13:11 . 2008-07-31 02:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2008-07-31 02:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2008-06-27 20:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2008-04-14 04:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51 . 2008-06-25 22:57 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51 . 2008-06-25 22:56 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51 . 2008-06-25 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51 . 2008-06-25 22:56 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2008-06-25 22:56 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 04:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-14 16:41 . 2011-04-30 23:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-25 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Alain\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2002-12-12 28160]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-01-25 196128]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]
.
c:\documents and settings\Alain\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alain\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-15 113664]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Alain\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Alain\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Alain\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-27 717296]
R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [2007-03-15 57344]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-10-03 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 Yawcam;Yawcam;c:\program files\Yawcam\Yawcam_Service.exe [2011-06-02 120320]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-04-06 97376]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-06-06 34128]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-02-28 13408]
S0 fpdww;fpdww;c:\windows\system32\drivers\ftkcodes.sys --> c:\windows\system32\drivers\ftkcodes.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-03-18 18904]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 Wu20xoipc;Wu20xoipc; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2052111302-682003330-1003Core.job
- c:\documents and settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 00:45]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-2052111302-682003330-1003UA.job
- c:\documents and settings\Alain\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-04 00:45]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{82FE00ED-1866-4655-82A7-F22647274530}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Alain\Application Data\Mozilla\Firefox\Profiles\y0u7v6p8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cyberpresse.ca/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{2bd70b5b-d47a-4fb2-93ae-84d4714c25cc} - (no file)
BHO-{5C86DAAE-E498-4F01-A9CF-73E8198B436E} - (no file)
BHO-{88D0731A-C460-4B44-AA03-4998ED27F417} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 20:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\documents and settings\Alain\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\WinFax\WFXMOD32.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-06-17 20:34:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-18 00:34
.
Pre-Run: 86 451 662 848 bytes free
Post-Run: 86 481 629 184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1BB1CFBC054A17686250B8661673D62D
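One thing in the "Reg Loading Points" section above that the thread never comes back to: Security Center's AntiVirusOverride and FirewallOverride are both 1, and the standard-profile firewall policy has EnableFirewall = 0 with DisableNotifications = 1. As an added example (not part of the original post and not ComboFix's code), the Python below pulls those dword values out of a ComboFix-style dump and flags any that differ from a hardened baseline. The baseline values and the sample dump are this example's own; a third-party security suite can legitimately set the override flags, so a hit is something to review, not proof of tampering.

```python
"""Flag weakened host-protection settings in a ComboFix 'Reg Loading Points'
dump. Added example for this thread; not ComboFix's own code."""
import re

# Constructed sample: the two registry keys exactly as ComboFix printed them
# in the log above.
SAMPLE_DUMP = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# Hardened baseline (this example's assumption): Security Center should not
# be told to suppress AV/firewall alerts, and the XP firewall should be on
# with its notifications enabled. Keys are matched by suffix, case-insensitive.
BASELINE = {
    ("security center", "AntiVirusOverride"): 0,
    ("security center", "FirewallOverride"): 0,
    ("firewallpolicy\\standardprofile", "EnableFirewall"): 1,
    ("firewallpolicy\\standardprofile", "DisableNotifications"): 0,
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints dwords either as dword:XXXXXXXX or as "N (0xN)".
VALUE_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))'
)


def parse_reg_dump(text):
    """Return {(key_path_lower, value_name): int} for every dword value."""
    values = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        val = VALUE_RE.match(line)
        if val and current_key is not None:
            name, hex_dword, decimal = val.groups()
            number = int(hex_dword, 16) if hex_dword is not None else int(decimal)
            values[(current_key, name)] = number
    return values


def find_weak_settings(text):
    """Return sorted (value_name, actual, expected) for baseline deviations."""
    findings = []
    for (key, name), actual in parse_reg_dump(text).items():
        for (suffix, base_name), expected in BASELINE.items():
            if name == base_name and key.endswith(suffix.lower()) and actual != expected:
                findings.append((name, actual, expected))
    return sorted(findings)


if __name__ == "__main__":
    for name, actual, expected in find_weak_settings(SAMPLE_DUMP):
        print(f"{name}: found {actual}, baseline {expected}")
```

Run against the sample, all four values come back as deviations. On a real case you would paste the whole ComboFix log in; the parser ignores every key that is not in the baseline table.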

Re: Google links redirect hijack

Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review

Re: Google links redirect hijack

Hi Sneakyone,

Thank you for your time and expertise.

Did you see anything in the previous logs that led you to think that I have something else lying around on my HD (or MBR)? And if you did, would you care to educate me?

I don't seem to have the Google redirect hijack anymore since running ComboFix.

Best regards.

Re: Google links redirect hijack

Yes, there is a specific rootkit I am looking for that is known to cause your symptoms.

Re: Google links redirect hijack

Sneakyone,

Here is the aswMBR log file:

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-21 21:37:29
-----------------------------
21:37:29.184 OS Version: Windows 5.1.2600 Service Pack 3
21:37:29.184 Number of processors: 4 586 0xF07
21:37:29.184 ComputerName: BUREAU UserName: Alain
21:37:29.684 Initialize success
21:37:46.106 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000086
21:37:46.106 Disk 0 Vendor: NVIDIA__ Size: 286178MB BusType: 8
21:37:48.122 Disk 0 MBR read successfully
21:37:48.122 Disk 0 MBR scan
21:37:48.122 Disk 0 Windows XP default MBR code
21:37:50.122 Disk 0 scanning sectors +586067265
21:37:50.122 Disk 0 scanning C:\WINDOWS\system32\drivers
21:37:53.263 Service scanning
21:37:54.044 Disk 0 trace - called modules:
21:37:54.044 ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd32.sys hal.dll ACPI.sys >>UNKNOWN [0x8a3cc1f8]<<
21:37:54.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a250030]
21:37:54.044 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000086[0x8a2f2d78]
21:37:54.044 5 nvrd32.sys[f79656a6] -> nt!IofCallDriver -> \Device\00000084[0x8a3d1388]
21:37:54.044 7 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port7Path0Target0Lun0[0x8a2b9a38]
21:37:54.044 \Driver\nvgts[0x8a29ac00] -> IRP_MJ_CREATE -> 0x8a3cc1f8
21:37:54.044 Scan finished successfully
21:38:26.591 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alain\Desktop\MBR.dat"
21:38:26.591 The log file has been saved successfully to "C:\Documents and Settings\Alain\Desktop\aswMBR.txt"

Re: Google links redirect hijack

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Google links redirect hijack

Sneakyone,

Here's the MBAM log.

-----

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6941

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2011-06-24 17:07:55
mbam-log-2011-06-24 (17-07-55).txt

Scan type: Quick scan
Objects scanned: 183127
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Google links redirect hijack

Hi,

Are the redirects still occurring?

Re: Google links redirect hijack

Sneakyone,

Everything looks fine. Actually, the redirects have stopped since running ComboFix.

Thank you very much for your time, support and expertise.

Best Regards.

Re: Google links redirect hijack

Hi,

A few more things:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Google links redirect hijack

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=c5c91bfa3dd1c643aa3254e801b68454
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-06-26 03:57:13
# local_time=2011-06-26 11:57:13 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59742
# found=19
# cleaned=19
# scan_time=1254
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\56\78ea68f8-1babe66d a variant of Win32/Kryptik.OKX trojan (cleaned by deleting - quarantined) FF8ACF8E15227A2F7E51F38A70403C28 C
C:\Downloads\TTS TextAloud Collection with ATT Voices Incl Keygens\TTS TextAloud Collection with ATT Voices Incl Keygens\News Aloud\Keygen\Serial & SnD.nfo.exe probably a variant of Win32/Agent.KYRABEN trojan (cleaned by deleting - quarantined) 4F026E82309E42C13A5442E9022E04EA C
C:\Downloads\TTS TextAloud Collection with ATT Voices Incl Keygens\TTS TextAloud Collection with ATT Voices Incl Keygens\Stocks Aloud\Keygen\Serial & SnD.nfo.exe probably a variant of Win32/Agent.BNRYBYA trojan (cleaned by deleting - quarantined) A9DF28FAE0430506D3DDF41023D3D391 C
C:\Downloads\TTS TextAloud Collection with ATT Voices Incl Keygens\TTS TextAloud Collection with ATT Voices Incl Keygens\Text Aloud\Crack\TextAloud v2.266.CRK.exe probably a variant of Win32/PSW.OnLineGames.MGODEIQ trojan (cleaned by deleting - quarantined) 6AA58184B46B167E786019BD5F02CE17 C
C:\Program Files\Mozilla Firefox\342158443239210616.exe a variant of Win32/Injector.HCJ trojan (cleaned by deleting - quarantined) 6296E4F380D3AACD544C5DCD00934C68 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\hL28000EbAoH28000\hL28000EbAoH28000.exe.vir a variant of Win32/Kryptik.PBK trojan (cleaned by deleting - quarantined) 8C6B8D499B5C977EC7339F20683D2267 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP1005\A0134366.exe probably a variant of Win32/Agent.KYRABEN trojan (cleaned by deleting - quarantined) 4F026E82309E42C13A5442E9022E04EA C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP1005\A0134367.exe probably a variant of Win32/Agent.BNRYBYA trojan (cleaned by deleting - quarantined) A9DF28FAE0430506D3DDF41023D3D391 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP1005\A0134368.exe probably a variant of Win32/PSW.OnLineGames.MGODEIQ trojan (cleaned by deleting - quarantined) 6AA58184B46B167E786019BD5F02CE17 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP1005\A0134369.exe a variant of Win32/Injector.HCJ trojan (cleaned by deleting - quarantined) 6296E4F380D3AACD544C5DCD00934C68 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP977\A0128834.exe a variant of Win32/Kryptik.OKX trojan (cleaned by deleting - quarantined) FF8ACF8E15227A2F7E51F38A70403C28 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP991\A0133136.exe a variant of Win32/Clemag.NAG trojan (cleaned by deleting - quarantined) FB859209FA108C723BA54F98EF1F40D4 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP991\A0133137.dll a variant of Win32/Clemag.NAG trojan (cleaned by deleting - quarantined) 97971DA16B7F1413E79CD41B63851DF8 C
C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP996\A0133696.exe a variant of Win32/Kryptik.PBK trojan (cleaned by deleting - quarantined) 8C6B8D499B5C977EC7339F20683D2267 C
C:\VundoFix Backups\CIRBcfhk.ini.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 92AE3E2210D4C22E3CB6F70E0A544D41 C
C:\VundoFix Backups\CIRBcfhk.ini2.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 92AE3E2210D4C22E3CB6F70E0A544D41 C
C:\VundoFix Backups\pnrwxgmq.ini.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 432AB7694C7DD2321F192ADDD587C04C C
C:\VundoFix Backups\uvwwDfhk.ini.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 8FD679E56F21603427D5C0394E95CC12 C
C:\VundoFix Backups\uvwwDfhk.ini2.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 8FD679E56F21603427D5C0394E95CC12 C
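The ESET log above mixes detections of very different weight: copies inside System Restore points and in ComboFix's Qoobox quarantine are inert until someone restores them, the Java deployment cache entry is a browser-side drop, and the two that actually matter are the keygen under C:\Downloads and the executable that had been dropped into the Firefox program folder. As an added example (not part of the thread and not ESET's code), the Python below parses ESET's one-line result format, buckets each hit by where it lived, and groups hits by MD5 so you can see the same sample turning up in more than one place. The sample lines are a subset copied from the log above; the location labels are this example's own taxonomy.

```python
"""Triage ESET Online Scanner detections by where each file lived, and
correlate repeated samples by MD5. Added example for this thread; not
ESET's or the helper's code."""
import re
from collections import Counter, defaultdict

# Sample lines copied from the ESET log above (a subset, to keep it short).
SAMPLE_LOG = "\n".join([
    r"C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\56\78ea68f8-1babe66d a variant of Win32/Kryptik.OKX trojan (cleaned by deleting - quarantined) FF8ACF8E15227A2F7E51F38A70403C28 C",
    r"C:\Downloads\TTS TextAloud Collection with ATT Voices Incl Keygens\TTS TextAloud Collection with ATT Voices Incl Keygens\News Aloud\Keygen\Serial & SnD.nfo.exe probably a variant of Win32/Agent.KYRABEN trojan (cleaned by deleting - quarantined) 4F026E82309E42C13A5442E9022E04EA C",
    r"C:\Program Files\Mozilla Firefox\342158443239210616.exe a variant of Win32/Injector.HCJ trojan (cleaned by deleting - quarantined) 6296E4F380D3AACD544C5DCD00934C68 C",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\hL28000EbAoH28000\hL28000EbAoH28000.exe.vir a variant of Win32/Kryptik.PBK trojan (cleaned by deleting - quarantined) 8C6B8D499B5C977EC7339F20683D2267 C",
    r"C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP1005\A0134366.exe probably a variant of Win32/Agent.KYRABEN trojan (cleaned by deleting - quarantined) 4F026E82309E42C13A5442E9022E04EA C",
    r"C:\System Volume Information\_restore{5F06D42C-ED4B-4D1B-A16B-62116B7C5D94}\RP977\A0128834.exe a variant of Win32/Kryptik.OKX trojan (cleaned by deleting - quarantined) FF8ACF8E15227A2F7E51F38A70403C28 C",
    r"C:\VundoFix Backups\CIRBcfhk.ini.bad Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 92AE3E2210D4C22E3CB6F70E0A544D41 C",
])

# One ESET result line: <path> <verdict> (<action>) <md5> <flag>.
# The path may contain spaces, so it is matched lazily and the verdict is
# pinned on the "Family/Variant type" shape ESET uses.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<verdict>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ [a-z ]+?) "
    r"\((?P<action>[^()]+)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)

# Where a detection sat decides how much it matters. Ordered; first match wins.
# The labels are this example's own taxonomy, not an ESET field.
LOCATION_RULES = [
    (r"\system volume information\_restore", "restore-point copy"),
    (r"\qoobox\quarantine", "ComboFix quarantine"),
    (r"\vundofix backups", "VundoFix backup"),
    (r"\sun\java\deployment\cache", "Java cache"),
]


def classify(path):
    """Map a detection path to a location bucket; anything else is live."""
    low = path.lower()
    for needle, label in LOCATION_RULES:
        if needle in low:
            return label
    return "live file system"


def parse_eset_log(text):
    """Return one dict per parseable result line, with a location bucket."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["location"] = classify(hit["path"])
            hits.append(hit)
    return hits


def triage(text):
    """Summarise hits by location and find samples seen in several places."""
    hits = parse_eset_log(text)
    by_hash = defaultdict(list)
    for hit in hits:
        by_hash[hit["md5"].upper()].append(hit["path"])
    return {
        "hits": hits,
        "by_location": dict(Counter(h["location"] for h in hits)),
        "live": [h for h in hits if h["location"] == "live file system"],
        "same_sample": {k: v for k, v in by_hash.items() if len(v) > 1},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_location"])
    for hit in result["live"]:
        print("LIVE:", hit["path"], "->", hit["verdict"])
    for md5, paths in result["same_sample"].items():
        print(md5, "seen in", len(paths), "places")
```

On the sample, the two live hits are the keygen and the Firefox-folder executable, and both the Kryptik.OKX and Agent.KYRABEN hashes are seen twice, once in a working location and once in a restore point. That second observation is exactly why the helper's closing post has the user flush the old restore points before creating a clean one.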

Re: Google links redirect hijack

Hi,

How is your computer running now?

Re: Google links redirect hijack

Sneakyone,

LOL... I'm afraid to say "fine". I feel like your question should sound more like: "So... do you still think your system is running clean?" Let me think

I've taken good note of the tools you've been using.

Thank you again for your time and expertise. Honored

Re: Google links redirect hijack

Hi, you're welcome, glad to help.

These tools are professional tools that are very dangerous without the supervision of a helper.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now, to get you off to a good start, we will clean your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore points, but this is my method:




  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.





You now have a clean restore point.

To get rid of the bad ones:




  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.





========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [URL="http://www.itxassociates.com/OT-Tools/OTC.exe"]OTC.exe[/URL] by OldTimer:




  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.





============

Update Programs

Please download the newest version of Adobe Acrobat Reader from [URL="http://www.adobe.com/products/acrobat/readstep2.html"]Adobe.com[/URL]

Please download the newest version of Java from [URL="http://www.java.com/en/download/manual.jsp"]Java.com[/URL].

===============

Staying Protected

If you don't have an anti-virus, I recommend downloading one of these free anti-virus programs:
1. [URL="http://www.avast.com/"]Avast![/URL]
2. [URL="http://www.avira.com/en/support-download-free-antivirus"]Avira[/URL]
3. [URL="http://www.microsoft.com/security_essentials/default.aspx"]Microsoft Security Essentials[/URL]

If you have Windows XP, then I recommend downloading one of these free firewalls if you do not already have one:
1. [URL="http://www.comodo.com/home/internet-security/firewall.php"]Comodo Firewall[/URL]
2. [URL="http://www.tallemu.com/products-online-armor-free.php"]Tallemu Online Armor[/URL]

I recommend using [URL="http://www.malwarebytes.org/mbam.php"]MalwareBytes Anti-Malware[/URL] as an anti-malware program.

If you don't have an anti-spyware program, I recommend downloading this free program to help keep you spyware-free:
1. [URL="http://www.javacoolsoftware.com/spywareblaster.html"]SpywareBlaster[/URL]

Please don't download more than one anti-virus, firewall, or anti-spyware program, because they will conflict with each other, causing slowdowns, data loss and false results, so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them, as the chances are extremely high that you will be infected through them.

2. Cracks/warez/keygens are another conduit of malware and are illegal, so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives: [URL="http://www.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/"]XP[/URL] or [URL="http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/"]Vista/7[/URL]

4. Always make sure you have the latest [URL="http://windowsupdate.microsoft.com"]Windows update[/URL].

5. Use a site advisor so you don't go to sites that will infect you: [URL="http://www.mywot.com/en/download"]Web-of-Trust[/URL] or [URL="http://www.siteadvisor.com/download/windows.html"]McAfee SiteAdvisor[/URL]

6. Also, there are many holes and flaws in Internet Explorer, so I recommend using [URL="http://www.getfirefox.com/"]Firefox[/URL] or [URL="http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95346"]Google Chrome[/URL] to keep you safer.

7. Always keep your [URL="http://www.java.com/en/download/installed.jsp"]Java[/URL] and Adobe Reader updated, with all older versions removed, to stay clear of exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.
