[Inactive] Search Engine Redirect

  1. #31
    Bill C, Full Member

    Completed "Run Fix" & "Quick Scan" w/ OTL.

    What should I do w/ the faded-looking desktop.ini icons that have appeared?

    Btw, redirects are still occurring.

    The following is the latest OTL logfile.

    OTL logfile created on: 10/31/2009 10:19:52 AM - Run 2
    OTL by OldTimer - Version 3.1.1.5 Folder = C:\Users\admin\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.79% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 363.75 Gb Total Space | 280.43 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
    Drive D: | 8.85 Gb Total Space | 1.28 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ADMIN-PC
    Current User Name: admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/10/30 22:57:40 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    PRC - [2009/10/30 21:41:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/10/24 17:46:21 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2009/10/24 13:20:36 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/10/24 13:20:35 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/10/24 13:20:35 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/10/24 13:20:35 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/10/24 13:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
    PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/05 11:19:18 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2008/05/22 15:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
    PRC - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
    PRC - [2008/01/19 03:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
    PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
    PRC - [2008/01/19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
    PRC - [2008/01/19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
    PRC - [2008/01/19 03:33:01 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/01/15 12:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/12/14 14:47:59 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
    PRC - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2007/05/24 16:13:54 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    PRC - [2007/05/16 1244 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
    PRC - [2007/05/15 20:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2007/04/18 11:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 07:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/10/24 13:20:32 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    SRV - [2009/10/23 22:33:54 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll
    SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll
    SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    SRV - [2008/05/22 15:49:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
    SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll
    SRV - [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
    SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
    SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
    SRV - [2007/12/14 14:43:49 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
    SRV - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
    SRV - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    SRV - [2007/05/24 16:13:54 | 00,061,440 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    SRV - [2007/05/15 20:20:12 | 00,079,400 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    SRV - [2007/05/11 14:15:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    SRV - [2007/05/03 16:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
    SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll
    SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/10/30 22:57:40 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    MOD - [2009/10/24 13:20:42 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2009/07/17 10:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
    MOD - [2008/02/29 02:53:38 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
    MOD - [2008/01/19 03:37:12 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
    MOD - [2008/01/19 03:36:48 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
    MOD - [2008/01/19 03:36:48 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
    MOD - [2008/01/19 03:36:34 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
    MOD - [2008/01/19 03:33:45 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
    MOD - [2008/01/19 03:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ File not found


    O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: stargatewars.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.40 24.92.226.41
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/05 00:58:18 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/10/26 16:24:02 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009/10/26 16:24:02 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{e7de961d-a11b-11dc-bad4-00173f74eca7}\Shell - "" = AutoRun
    O33 - MountPoints2\{e7de961d-a11b-11dc-bad4-00173f74eca7}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/10/31 10:10:10 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/10/30 22:57:43 | 00,526,336 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2009/10/30 21:20:44 | 00,000,000 | ---D | C] -- C:\Users\admin\Desktop\JavaRa
    [2009/10/29 21:50:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/10/29 21:50:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/10/29 21:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/10/29 18:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2009/10/29 18:49:44 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2009/10/29 18:49:37 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
    [2009/10/29 18:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/10/29 18:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/10/28 17:37:36 | 00,000,000 | ---D | C] -- C:\Users\admin\DoctorWeb
    [2009/10/28 17:34:01 | 19,950,520 | ---- | C] (Doctor Web, Ltd.) -- C:\Users\admin\Desktop\drweb-cureit.exe
    [2009/10/28 15:20:22 | 00,000,000 | --SD | C] -- C:\ComboFix
    [2009/10/27 11:01:59 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/10/27 11:01:59 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/10/27 11:01:59 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/10/27 11:01:59 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2009/10/27 11:01:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/10/27 11:01:33 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/10/26 16:24:02 | 00,000,000 | RHSD | C] -- C:\autorun.inf
    [2009/10/26 16:12:20 | 00,000,000 | ---D | C] -- C:\Avenger
    [2009/10/26 10:03:06 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
    [2009/10/26 10:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/10/26 10:03:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/10/24 19:37:02 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2009/10/24 19:13:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2009/10/24 19:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2009/10/24 19:12:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2009/10/24 19:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2009/10/24 17:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/10/24 13:20:50 | 00,000,000 | -H-D | C] -- C:\$AVG
    [2009/10/24 13:20:42 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2009/10/24 13:20:42 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2009/10/24 13:20:37 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2009/10/24 13:20:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2009/10/24 13:20:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
    [2009/10/24 13:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2009/10/24 13:20:32 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2009/10/24 11:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2009/10/24 11:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2009/10/24 11:17:59 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/10/23 23:44:00 | 00,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
    [2009/10/23 23:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2009/10/23 23:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2009/10/23 23:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
    [2009/10/23 23:19:45 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE

    ========== Files - Modified Within 14 Days ==========

    [2009/10/31 10:19:58 | 02,883,584 | -HS- | M] () -- C:\Users\admin\ntuser.dat
    [2009/10/31 10:12:37 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2009/10/31 10:12:30 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/10/31 10:12:30 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/10/31 10:12:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/10/31 10:12:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/10/31 10:11:07 | 00,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2009/10/31 10:11:07 | 00,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2009/10/31 09:39:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/31 09:04:37 | 44,519,940 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2009/10/31 09:04:24 | 00,068,428 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2009/10/31 00:34:48 | 02,844,079 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
    [2009/10/30 22:57:40 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
    [2009/10/30 10:29:09 | 00,179,064 | ---- | M] () -- C:\Users\admin\Desktop\Doc1.pdf
    [2009/10/30 09:41:16 | 00,002,627 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
    [2009/10/29 23:54:59 | 00,291,328 | ---- | M] () -- C:\Users\admin\Desktop\93ncsvmk.exe
    [2009/10/29 21:50:17 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/29 18:49:38 | 00,000,904 | ---- | M] () -- C:\Users\admin\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/28 17:35:52 | 19,950,520 | ---- | M] (Doctor Web, Ltd.) -- C:\Users\admin\Desktop\drweb-cureit.exe
    [2009/10/28 17:22:06 | 00,731,136 | ---- | M] () -- C:\Users\admin\Desktop\avenger.exe
    [2009/10/28 16:48:57 | 03,440,553 | R--- | M] () -- C:\Users\admin\Desktop\c40iyt67e.exe
    [2009/10/28 15:59:02 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/10/28 15:59:02 | 00,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/10/28 13:35:31 | 00,001,876 | ---- | M] () -- C:\Users\admin\Desktop\HijackThis.lnk
    [2009/10/28 12:53:48 | 00,001,987 | ---- | M] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
    [2009/10/26 22:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/10/26 22:55:28 | 00,000,172 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/10/26 11:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/10/26 11:19:13 | 00,000,172 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
    [2009/10/24 18:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/10/24 18:19:24 | 00,000,172 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/10/24 17:46:20 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2009/10/24 13:20:42 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2009/10/24 13:20:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2009/10/24 13:20:36 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2009/10/24 13:20:36 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2009/10/24 13:20:36 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2009/10/24 13:20:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

    ========== Files Created - No Company Name ==========

    [2009/10/30 10:29:11 | 00,179,064 | ---- | C] () -- C:\Users\admin\Desktop\Doc1.pdf
    [2009/10/29 23:54:57 | 00,291,328 | ---- | C] () -- C:\Users\admin\Desktop\93ncsvmk.exe
    [2009/10/29 21:50:17 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/10/29 20:25:38 | 02,844,079 | -H-- | C] () -- C:\Users\admin\AppData\Local\IconCache.db
    [2009/10/29 18:49:38 | 00,000,904 | ---- | C] () -- C:\Users\admin\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/10/28 16:48:55 | 03,440,553 | R--- | C] () -- C:\Users\admin\Desktop\c40iyt67e.exe
    [2009/10/28 13:35:31 | 00,001,876 | ---- | C] () -- C:\Users\admin\Desktop\HijackThis.lnk
    [2009/10/28 12:53:48 | 00,001,987 | ---- | C] () -- C:\Users\admin\Desktop\Windows Live Messenger .lnk
    [2009/10/27 11:01:59 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
    [2009/10/27 11:01:59 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/10/27 11:01:59 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/10/27 11:01:59 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2009/10/27 11:01:59 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/10/26 22:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt03.sqm
    [2009/10/26 22:55:28 | 00,000,172 | -H-- | C] () -- C:\sqmdata03.sqm
    [2009/10/26 11:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt02.sqm
    [2009/10/26 11:19:13 | 00,000,172 | -H-- | C] () -- C:\sqmdata02.sqm
    [2009/10/24 18:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmnoopt01.sqm
    [2009/10/24 18:19:24 | 00,000,172 | -H-- | C] () -- C:\sqmdata01.sqm
    [2009/10/24 13:20:36 | 44,519,940 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2009/10/24 13:20:36 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
    [2009/10/24 13:20:36 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
    [2009/10/24 13:20:36 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2009/10/24 13:20:36 | 00,068,428 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
    [2009/10/23 22:34:17 | 00,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2009/10/23 22:34:14 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/10 14:12:25 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2009/06/10 14:12:25 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2009/06/10 14:12:25 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2009/05/26 14:39:35 | 00,005,041 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
    [2009/05/16 02:11:24 | 00,005,556 | -HS- | C] () -- C:\Users\admin\AppData\Roaming\02000000165cf98e598 C.manifest
    [2009/05/16 02:11:24 | 00,002,343 | -HS- | C] () -- C:\Users\admin\AppData\Roaming\02000000165cf98e598 P.manifest
    [2009/05/16 02:11:24 | 00,000,246 | -HS- | C] () -- C:\Users\admin\AppData\Roaming\02000000165cf98e598 O.manifest
    [2009/05/16 02:11:24 | 00,000,011 | -HS- | C] () -- C:\Users\admin\AppData\Roaming\02000000165cf98e598 S.manifest
    [2009/01/27 1405 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
    [2009/01/27 1405 | 00,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Common
    [2009/01/27 1405 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/01/27 1405 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Dance
    [2008/09/10 01:05:58 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2008/07/23 13:53:56 | 00,004,410 | ---- | C] () -- C:\Users\admin\AppData\Roaming\update.log
    [2007/12/03 19:00:02 | 00,005,632 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/30 18:51:01 | 00,007,268 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
    [2007/11/30 18:49:12 | 00,123,696 | ---- | C] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
    [2007/08/05 01:16:38 | 00,110,112 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
    [2007/08/05 00:48:20 | 00,008,450 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/08/05 00:24:41 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2007/08/05 00:24:40 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2007/05/14 08:28:10 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007/04/24 13:22:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
    [2006/12/14 02:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 02:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 08:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
    [2006/11/02 08:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
    [2006/11/02 08:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
    [2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
    [2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/10/30 21:54:19 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DNA
    [2009/07/02 01:18:20 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ImTOO Software Studio
    [2008/11/02 01:46:10 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LimeWire
    [2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
    [2009/05/04 22:05:54 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nikon
    [2007/12/17 11:57:06 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Roxio
    [2008/07/23 1340 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Sellmosoft
    [2007/11/30 18:48:55 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Snapfish
    [2009/03/11 14:32:19 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\U3
    [2008/12/17 10:58:41 | 00,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinBatch
    [2008/10/01 2042 | 00,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    [2009/10/31 10:12:30 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/10/31 10:11:03 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7838B9E0
    < End of report >
    Last edited by Bill C; 31-10-2009 at 03:33 PM.


  2. #32
    broni is offline Senior Member
    "What should I do w/ the faded-looking desktop.ini icons that have appeared."
    Open Windows Explorer. Go Tools>Folder Options>View tab, make sure Hide protected operating system files is checkmarked.

    Let's see if Combofix will run now...

    Please download ComboFix from Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #33
    Bill C is offline Full Member
    Same thing happened.

    ComboFix's initial scan couldn't access some files because other processes were using them, and then it detected rootkit activity and had to reboot.

    ??

  4. #34
    broni is offline Senior Member
    Try to run it in Safe Mode.

  5. #35
    Bill C is offline Full Member
    Tried to run ComboFix in Safe Mode.

    It started the scan through stage 3/4, but Windows went to a blue screen and wanted to shut down.

    I tried it a 2nd time, and the same thing occurred.

    My computer hates ComboFix.

    ??

  6. #36
    broni is offline Senior Member
    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    Download, and install AVP Tool.
    After installation, leave all settings as they are, and simply click on Scan button.
    When scan is done, and any objects are found, click on Neutralize all button.
    Next, click Reports... button, then Save to file....
    Save the file to a known location as report.txt.
    Open report.txt in Notepad, copy all content, and post it in your next reply.

    Post fresh HijackThis log as well.

  7. #37
    Bill C is offline Full Member
    Completed the TFC and AVPTool scans.

    Here are the AVPTool and new HijackThis logfiles.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


    Scan
    ----
    Scanned: 5923
    Detected: 0
    Untreated: 0
    Start time: 11/1/2009 12:07:04 AM
    Duration: 00:01:42
    Finish time: 11/1/2009 12:08:46 AM


    Detected
    --------
    Status Object
    ------ ------


    Events
    ------
    Time Name Status Reason
    ---- ---- ------ ------
    11/1/2009 12:07:09 AM Running module: smss.exe\smss.exe ok scanned
    11/1/2009 12:07:09 AM File: C:\Windows\System32\smss.exe ok scanned
    11/1/2009 12:07:09 AM Running module: smss.exe\ntdll.dll ok scanned


    Statistics
    ----------
    Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
    ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


    Settings
    --------
    Parameter Value
    --------- -----
    Security Level Recommended
    Action Prompt for action when the scan is complete
    Run mode Manually
    File types Scan all files
    Scan only new and changed files No
    Scan archives All
    Scan embedded OLE objects All
    Skip if object is larger than No
    Skip if scan takes longer than No
    Parse email formats No
    Scan password-protected archives No
    Enable iChecker technology No
    Enable iSwift technology No
    Show detected threats on "Detected" tab Yes
    Rootkits search Yes
    Deep rootkits search No
    Use heuristic analyzer Yes


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:02 AM, on 11/1/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: is-6JRR8.lnk = C:\Users\admin\Desktop\Virus Removal Tool1\is-6JRR8\startup.exe
    O4 - Startup: is-GMUL4.lnk = C:\Users\admin\Desktop\Virus Removal Tool\is-GMUL4\startup.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.stargatewars.com
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\4c56rg7d\HIDEC.exe" "C:\4c56rg7d\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7012 bytes

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

  8. #38
    broni is offline Senior Member
    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ===============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    - O4 - Startup: is-6JRR8.lnk = C:\Users\admin\Desktop\Virus Removal Tool1\is-6JRR8\startup.exe
    - O4 - Startup: is-GMUL4.lnk = C:\Users\admin\Desktop\Virus Removal Tool\is-GMUL4\startup.exe



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


    5. Click on Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop PEVSystemStart
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete PEVSystemStart
    Press Enter.
    Wait for confirmation.


    7. Restart computer.

    8. Post new HijackThis log.
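
A way to check the outcome of the steps in post #38 from the logs themselves, as an added example that is not part of the thread or of HijackThis: it parses HijackThis entry lines, flags O23 services marked "Unknown owner" or "(file missing)" or launched through cmd, and confirms that the entries selected for fixing are absent from the later log. The function names and flagging rules are assumptions made here; the sample lines are taken from the two HijackThis logs in this thread.

```python
import re

# One HijackThis entry per line: a section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([ORF]\d{1,2})\s+-\s+(.*\S)\s*$")
SHELLS = {"cmd", "cmd.exe"}  # assumption: interpreters that should not be a service binary

def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and process lists are skipped."""
    found = (ENTRY_RE.match(line) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def parse_service(body):
    """Split an O23 body into (name, owner, command); None if it is not a service entry."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].split(" - ", 2)
    return tuple(p.strip() for p in parts) if len(parts) == 3 else None

def suspicious_services(log_text):
    """Map service name -> reasons it deserves a closer look (hypothetical rules)."""
    flagged = {}
    for section, body in parse_entries(log_text):
        svc = parse_service(body) if section == "O23" else None
        if svc is None:
            continue
        name, owner, command = svc
        reasons = []
        if owner == "Unknown owner":
            reasons.append("unknown owner")
        if command.endswith("(file missing)"):
            reasons.append("file missing")
        tokens = command.split()
        if tokens and tokens[0].strip('"').lower().rsplit("\\", 1)[-1] in SHELLS:
            reasons.append("command interpreter as service binary")
        if reasons:
            flagged[name] = reasons
    return flagged

def still_present(fixed_lines, later_log):
    """Entries that were selected for fixing but still appear in the later log."""
    later = set(parse_entries(later_log))
    return [entry for entry in parse_entries(fixed_lines) if entry in later]

# Subset of the log posted in #37 (before the fix).
BEFORE_LOG = r"""
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: is-6JRR8.lnk = C:\Users\admin\Desktop\Virus Removal Tool1\is-6JRR8\startup.exe
O4 - Startup: is-GMUL4.lnk = C:\Users\admin\Desktop\Virus Removal Tool\is-GMUL4\startup.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\4c56rg7d\HIDEC.exe" "C:\4c56rg7d\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# The same subset as it appears in the log posted in #39 (after the fix and reboot).
AFTER_LOG = r"""
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# The four entries checkmarked in steps 3 and 4 of post #38.
FIXED = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - Startup: is-6JRR8.lnk = C:\Users\admin\Desktop\Virus Removal Tool1\is-6JRR8\startup.exe
O4 - Startup: is-GMUL4.lnk = C:\Users\admin\Desktop\Virus Removal Tool\is-GMUL4\startup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""

if __name__ == "__main__":
    print("flagged before:", suspicious_services(BEFORE_LOG))
    print("flagged after: ", suspicious_services(AFTER_LOG))
    print("fixed entries still present:", still_present(FIXED, AFTER_LOG))
```
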

  9. #39
    Bill C is offline Full Member
    Performed HijackThis "Fix".

    Performed command prompt tasks. The first part said the service wasn't running. The second part said deletion was a success.

    Here is the latest HijackThis logfile.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:34:04 AM, on 11/1/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\DllHost.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.stargatewars.com
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6867 bytes

  10. #40
    broni is offline Senior Member
    How is the redirection issue?
