OK :)
Quote:
Now it stops at O7, I'll remove it too and try again ..
All processes killed
========== OTL ==========
No active process named Program was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
File not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\G-Zapper not found.
File C:\Program Files\G-Zapper\GZapper 2.5.E File not not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\WINDOWS\002825_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Unable to delete ADS C:\Documents and Settings\All .
Unable to delete ADS C:\Documents and Settings\All .
Unable to delete ADS C:\Documents and Settings\All .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
C:\Program Files\G-Zapper\Backups folder moved successfully.
C:\Program Files\G-Zapper folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3785594 bytes
User: NetworkService
->Temp folder emptied: 995320 bytes
->Temporary Internet Files folder emptied: 10217657 bytes
User: Paul
->Temp folder emptied: 40374334 bytes
->Temporary Internet Files folder emptied: 716712 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 48661032 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6846 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11210859 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 112.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Paul
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08202010_175459
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Quote:
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OTL logfile created on: 8/20/2010 7:58:47 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 212.84 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ZED
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2010/08/10 12:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/21 10:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/06/24 20:56:50 | 001,175,628 | ---- | M] () -- C:\Program Files\G-Zapper\GZapper 2.5.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/12 10:31:54 | 000,121,856 | ---- | M] (Tom Grandgent) -- C:\Documents and Settings\Paul\Desktop\tmail.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 05:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2010/08/10 12:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/19 22:52:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/21 10:33:10 | 000,947,464 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe -- (Rx2Engine)
SRV - [2010/01/21 10:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe -- (Rx2Agent)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/07/26 15:46:38 | 000,073,728 | ---- | M] (ISOTA, LLC.) [Disabled | Stopped] -- C:\Program Files\Isota\ABCSpell\ABCSpellService.exe -- (ABCSpell Helper Service)
SRV - [2006/07/25 16:54:54 | 000,849,408 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/29 17:12:11 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/16 16:23:35 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2010/04/16 16:23:35 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/04/16 16:23:35 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/04/16 16:22:04 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/22 12:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/16 18:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/07/25 16:54:02 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/07/25 16:52:46 | 000,031,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/07/25 16:51:56 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/08/15 13:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 13:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2002/12/10 18:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/05/21 05:50:00 | 000,013,060 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2001/08/17 09:28:04 | 000,347,550 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56tpi.sys -- (Edspport)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 09:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 22:54:00 | 000,000,000 | ---D | M]
[2010/02/08 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2010/08/20 16:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions
[2010/02/08 17:38:00 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/02/08 18:43:22 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/11 11:50:05 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/09 13:20:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 15:30:03 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/05/04 15:42:31 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/08/17 19:30:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/20 18:09:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/06/17 10:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/12 15:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/06 19:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
[2010/02/22 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
[2010/08/20 16:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/17 22:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/08/17 11:32:12 | 000,000,091 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 www.google-analytics.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [G-Zapper] C:\Program Files\G-Zapper\GZapper 2.5.E File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: phonedetective.com ([www] https in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 17:13:23 | 000,000,300 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 90 Days ==========
[2010/08/20 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\G-Zapper
[2010/08/20 18:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/08/20 16:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Uniblue
[2010/08/20 10:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ForceField Shared Files
[2010/08/20 10:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\CheckPoint
[2010/08/20 10:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/08/19 22:21:42 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/19 22:21:42 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/19 22:21:41 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/19 22:21:40 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/19 22:21:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/19 22:21:38 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/19 22:21:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/19 22:21:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/19 22:21:11 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/19 22:21:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/19 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/19 21:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/18 19:18:22 | 001,346,042 | ---- | C] ( ) -- C:\Documents and Settings\Paul\My Documents\gzappersetup.exe
[2010/08/17 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/17 22:35:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/17 19:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/08/17 11:23:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/14 19:16:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/14 19:09:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/08/13 10:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Sounds
[2010/08/12 20:00:35 | 000,000,000 | ---D | C] -- C:\6a90c1337582c2e567f20e
[2010/08/12 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/11 14:39:40 | 003,205,656 | ---- | C] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
[2010/08/11 14:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\GARMIN
[2010/08/11 14:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/08/11 14:24:35 | 006,440,112 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
[2010/08/10 19:36:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Recent
[2010/08/10 12:26:36 | 000,237,320 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/08/10 00:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/08/07 09:33:32 | 002,133,040 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
[2010/08/03 23:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/07/24 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\My Pictures
[2010/07/23 18:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\My Pics
[2010/07/18 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/07/17 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\OSS
[2010/07/14 09:41:31 | 000,000,000 | ---D | C] -- C:\00c5da6a8598ca1b77
[2010/07/05 09:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop Lightroom 3
[2010/06/27 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2010/06/27 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Pos Pro
[2010/06/20 19:39:18 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0651.old
[2010/06/20 19:39:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0652.old
[2010/06/20 19:38:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/20 19:38:41 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/20 19:38:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/20 19:38:32 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\PC Tools
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/19 23:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/19 22:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/19 22:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/19 22:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/19 06:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/16 09:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/16 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/16 09:23:22 | 000,000,000 | ---D | C] -- C:\3a88b443a6665e4f2a519c
[2010/06/14 13:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ImageStudio
[2010/06/13 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\skypePM
[2010/06/13 19:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Skype
[2010/06/13 19:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/13 19:08:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/06/13 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/06/11 10:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ACD Systems
[2010/06/11 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Acdsee Pro v3.0 Build 386
[2010/06/10 20:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ZoomBrowser EX
[2010/06/10 20:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\CANON_INC
[2010/06/10 19:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Canon
[2010/06/10 19:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010/06/06 14:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
[2010/06/06 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AKVIS
[2010/06/06 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Downloaded Installations
[2010/04/16 16:23:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
========== Files - Modified Within 90 Days ==========
[2010/08/20 19:43:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/20 19:43:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/20 18:05:47 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\G-Zapper.lnk
[2010/08/20 18:04:25 | 000,186,500 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/20 18:04:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 18:03:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/20 18:02:52 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 18:01:47 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
[2010/08/20 18:01:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/08/20 17:26:56 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/20 17:26:56 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/20 17:26:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/20 16:56:31 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectSpeed PC Optimizer.lnk
[2010/08/20 16:37:52 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
[2010/08/20 10:53:39 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/08/20 10:26:18 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/20 10:21:10 | 046,256,640 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\zaSetup_93_014_000_en.exe
[2010/08/19 22:27:11 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\License.avastlic
[2010/08/19 22:21:42 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/08/19 22:21:39 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/19 22:17:05 | 053,970,344 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\setup_av_pro(2).exe
[2010/08/19 19:39:52 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
[2010/08/18 19:18:22 | 001,346,042 | ---- | M] ( ) -- C:\Documents and Settings\Paul\My Documents\gzappersetup.exe
[2010/08/18 17:00:45 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/08/18 13:27:14 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OTL.exe.lnk
[2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/08/17 11:32:12 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/16 22:57:00 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
[2010/08/16 10:38:36 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\msconfig.exe.lnk
[2010/08/15 13:59:49 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
[2010/08/14 23:19:56 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Notepad.lnk
[2010/08/14 21:19:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
[2010/08/14 19:10:05 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/08/14 19:09:45 | 000,001,579 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\msconfig.exe.lnk
[2010/08/12 06:45:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/08/11 14:39:44 | 003,205,656 | ---- | M] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
[2010/08/11 14:24:47 | 006,440,112 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
[2010/08/10 20:21:41 | 000,201,649 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2010/08/10 20:21:38 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
[2010/08/10 20:08:50 | 002,153,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/10 20:06:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 20:04:43 | 000,584,354 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 20:04:43 | 000,504,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 20:04:43 | 000,087,854 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 19:58:34 | 000,075,872 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/10 19:55:19 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/08/10 19:49:25 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Paul\NTUSER.bak
[2010/08/10 19:36:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\CCleaner.lnk
[2010/08/10 12:26:36 | 000,237,320 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/08/10 00:24:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
[2010/08/10 00:17:25 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/08/10 00:17:02 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/08/09 22:08:18 | 000,000,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.backup
[2010/08/07 09:33:43 | 002,133,040 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
[2010/08/03 19:41:50 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2010/08/03 19:41:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
[2010/07/18 12:28:39 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
[2010/07/18 12:27:13 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
[2010/07/17 22:52:52 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
[2010/07/15 10:18:27 | 000,000,600 | ---- | M] () -- C:\WINDOWS\Calendar.INI
[2010/07/08 20:06:13 | 000,000,388 | ---- | M] () -- C:\ACScnLog.ini
[2010/07/01 22:13:25 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/07/01 22:13:12 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 18:38:28 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
[2010/06/20 19:42:27 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/19 23:04:09 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
[2010/06/19 22:22:19 | 1060,086,801 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
[2010/06/19 06:38:57 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
[2010/06/14 05:57:49 | 000,528,384 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosGRP.dll
[2010/06/13 19:13:04 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\I_D.doc
[2010/06/13 19:11:46 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 19:08:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/11 10:18:46 | 057,634,648 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
[2010/06/04 18:32:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/01 11:58:20 | 000,053,248 | ---- | M] (PowerOfSoftware) -- C:\WINDOWS\System32\PosTBsknLib.dll
========== Files Created - No Company Name ==========
[2010/08/20 16:56:31 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PerfectSpeed PC Optimizer.lnk
[2010/08/20 10:26:18 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/20 10:19:22 | 046,256,640 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\zaSetup_93_014_000_en.exe
[2010/08/19 22:27:10 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\License.avastlic
[2010/08/19 22:21:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/08/19 22:15:09 | 053,970,344 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\setup_av_pro(2).exe
[2010/08/18 13:27:13 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OTL.exe.lnk
[2010/08/16 22:57:00 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\My Garmin.lnk
[2010/08/15 13:59:49 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Shortcut to ComboFix.exe.lnk
[2010/08/14 21:19:54 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\MBRCheck.exe
[2010/08/14 19:16:23 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/08/14 19:16:21 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/12 06:45:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\HijackThis.lnk
[2010/08/11 23:10:11 | 000,433,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/10 19:59:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 19:40:37 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Paul\NTUSER.tmp.LOG
[2010/08/10 00:24:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Network Magic Folders.lnk
[2010/08/10 00:17:25 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2010/08/03 19:41:50 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2010/08/03 19:41:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware bytes.lnk
[2010/07/18 12:32:02 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee 5.0.lnk
[2010/07/18 12:27:13 | 000,002,038 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACD FotoCanvas Lite 2.0.lnk
[2010/07/17 22:52:52 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\OSS Internet Booster.lnk
[2010/07/01 22:13:25 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2010/07/01 22:13:12 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Calculator.lnk
[2010/06/27 12:28:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/06/27 12:25:23 | 000,201,649 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2010/06/27 12:25:23 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Photo Pos Pro.lnk
[2010/06/24 18:38:28 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Ps CS2.lnk
[2010/06/20 20:07:53 | 000,000,388 | ---- | C] () -- C:\ACScnLog.ini
[2010/06/20 19:42:27 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/20 19:39:18 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0652.old
[2010/06/20 19:38:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/20 19:38:41 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/20 19:38:41 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/20 19:38:32 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/19 23:04:09 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Adobe Ps CS4.lnk
[2010/06/19 21:44:07 | 1060,086,801 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop CS4 Extended Keygen & Patch.rar
[2010/06/19 06:38:57 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Photo Professional.lnk
[2010/06/15 16:12:15 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 8.lnk
[2010/06/13 19:22:28 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/06/13 19:11:46 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 19:08:46 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/12 22:14:41 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\ACDSee 5.0.lnk
[2010/06/11 10:16:49 | 057,634,648 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\AP3-egydown.rar
[2010/04/29 16:40:03 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/04/16 16:23:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\WINDOWS\System32\PosPrKpLib.dll
[2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\PosTickerLib.dll
[2010/02/21 15:01:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Calendar.INI
[2010/02/18 19:34:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/15 09:02:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DSSD.ini
[2010/02/10 20:38:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2010/02/10 12:53:39 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2010/02/10 12:53:12 | 000,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/10 12:51:54 | 000,000,768 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/02/09 09:17:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/02/09 08:59:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2010/02/09 08:43:56 | 000,029,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/02/08 21:07:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2010/02/08 21:07:36 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2010/02/08 17:09:32 | 000,005,627 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2010/02/08 17:09:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/12/14 22:47:56 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2008/05/16 18:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 18:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 18:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 18:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 18:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/19 06:46:22 | 000,002,519 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM9.DLL
[2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\OneWay.dll
[2005/05/03 07:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2002/06/27 19:47:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2002/06/27 19:47:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2002/06/27 19:47:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\1Way.dll
[2002/03/21 12:51:52 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/08/01 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1995/08/18 02:00:00 | 000,150,016 | ---- | C] () -- C:\WINDOWS\crlasp95.dll
========== LOP Check ==========
[2010/06/11 10:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/19 21:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/29 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2010/02/08 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/09 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2010/04/11 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/16 22:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/09 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ACD Systems
[2010/06/06 14:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
[2010/04/29 17:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ascentive
[2010/06/10 19:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Canon
[2010/08/20 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CheckPoint
[2010/02/21 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\desksware
[2010/08/11 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GARMIN
[2010/03/12 18:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Image Zone Express
[2010/06/12 22:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\IObit
[2010/02/08 18:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Isota
[2010/03/05 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jasc
[2010/02/08 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2010/05/10 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MxBoost
[2010/04/18 12:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Opera
[2010/08/20 16:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Uniblue
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C6951A3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
OK. Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Quote > Ran everything and here is the one log. Ran Kaspersky and it was fine too.
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
Perfect!
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
===============================================================
Your computer is clean https://discussions.virtualdr.com/
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.
Turn off System Restore:
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
2. Restart computer.
3. Turn System Restore on.
4. Make sure Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. Run defrag at your convenience.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please let me know how your computer is doing.
Thanks Broni, will do.
I thought he said he removed AVG. I see it in his log I just posted.
Oh, I see what you're saying.
His current AV program is Avast, correct?
If so, make sure he runs AVG Remover: http://www.avg.com/us-en/download-tools
Also, make sure his Avast is current and running correctly.
Will do, thanks.
Sure thing :)
Quote >
I still have the redirect virus or whatever it is. I can open anything that I have bookmarked, but when I do a Google search for something it will bring me to a totally off-topic page. I close that tab and hit the link again and it works?
Other than that the confuser is running great?
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Now, we need to reset the router...
Turn the computer off.
On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
Restart the computer and check for redirections.
Thanks Broni. You are going way beyond the call of duty on this one.
Appreciate it .
Well, I need to make sure the computer is 100% cured :)
Quote >
So far it is good, been checking up on all kinds of stuff and it is taking me to what I should be at.
With your permission I will mark it resolved.
and thanks for all the time and effort you put into fixing it Broni.
Good news :)
Go ahead :)