[RESOLVED] Google redirect

**Drs Orders** · August 17th, 2010, 08:24 PM

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E91B85-9A4A-4B1E-930E-3429D146FEB3}" = ScannerCopy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92A70E71-4F0E-4C05-A777-16424E89F162}" = Garmin Communicator Plugin with myGarmin Agent
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4C7096C-DB17-4B31-BBDB-E805513AA637}" = ACDSee 5.0 Standard Trial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Home Premium
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1704101-D142-42A4-83E5-F938F13DBD94}" = hpg4000QFolder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB68C106-FE03-4D2D-88EC-400443E648D2}" = ABCSpell for Outlook Express
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"16D39E37F50BC2601830CBEFBE403DB1F82CCECD" = Windows Driver Package - Hewlett-Packard Image (03/27/2007 8.3.0.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AFPL Ghostscript 7.33" = AFPL Ghostscript 7.33
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"ClocX" = ClocX (1.5b2)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corel Applications" = Corel Applications
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Desktop iCalendar Lite_is1" = Desktop iCalendar Lite 1.1.0
"DPP" = Canon Utilities Digital Photo Professional 3.7
"DSSD_is1" = DSSD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firefox Preloader_is1" = Firefox Preloader
"G-Zapper 2.5_is1" = G-Zapper v2.5
"HijackThis" = HijackThis 2.0.2
"hp deskjet 960c series" = hp deskjet 960c series (Remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Icon Restore_is1" = Icon Restore 1.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{39E9516D-9846-4E6F-979C-8B28BECE9104}" = NTI CD & DVD-Maker Platinum Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"OSS Internet Speed Booster_is1" = OSS Internet Speed Booster 3.0.0.0
"Panerai_is1" = Panerai 1.0
"Photo Pos Pro" = Photo Pos Pro
"RegCure" = RegCure
"Spyware Doctor" = Spyware Doctor 7.0
"SysInfo" = Creative System Information
"Visual Business Cards 4_is1" = Visual Business Cards 4
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer 5" = Window Washer 5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.5
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 9:56:44 AM | Computer Name = ZED | Source = Application Error | ID = 1000
Description = Faulting application lightroom.exe, version 3.0.0.10, faulting module
msvcr90.dll, version 9.0.30729.1, fault address 0x0005bb47.

Error - 7/5/2010 9:56:58 AM | Computer Name = ZED | Source = Application Error | ID = 1000
Description = Faulting application lightroom.exe, version 3.0.0.10, faulting module
msvcr90.dll, version 9.0.30729.1, fault address 0x0005bb47.

Error - 7/11/2010 8:17:03 AM | Computer Name = ZED | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 8:17:03 AM | Computer Name = ZED | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 8:17:45 AM | Computer Name = ZED | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 8:17:46 AM | Computer Name = ZED | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/14/2010 2:45:05 PM | Computer Name = ZED | Source = Google Update | ID = 20
Description =

Error - 8/10/2010 12:14:14 AM | Computer Name = ZED | Source = MsiInstaller | ID = 1013
Description = Product: Pure Networks Platform -- The Pure Networks Platform needs
to be able to configure its network connection manager, but is not able to do so.
If
the Properties dialog for any network connection is currently open, close it and
try to install/uninstall your application again.

Error - 8/10/2010 8:10:24 PM | Computer Name = ZED | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 8/15/2010 10:53:04 PM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/16/2010 10:03:40 AM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/16/2010 10:20:23 AM | Computer Name = ZED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 8/16/2010 5:52:42 PM | Computer Name = ZED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 8/16/2010 6:09:05 PM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/16/2010 8:41:28 PM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/17/2010 9:34:38 AM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/17/2010 11:31:45 AM | Computer Name = ZED | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/17/2010 12:56:00 PM | Computer Name = ZED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 8/17/2010 5:58:41 PM | Computer Name = ZED | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

< End of report >

**Broni** · August 17th, 2010, 08:44 PM

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

===============================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
PRC - [2008/06/25 00:56:50 | 001,175,628 | ---- | M] () -- C:\Program Files\G-Zapper\GZapper 2.5.EXE
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKCU..\Run: [G-Zapper] C:\Program Files\G-Zapper\GZapper 2.5.E File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/02/08 20:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/02/09 09:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2010/04/11 13:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/06/12 22:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\IObit
[2010/05/10 22:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MxBoost
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C6951A3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\G-Zapper

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

**Drs Orders** · August 18th, 2010, 02:32 PM

Tried in safe mode an still won't run , gets stuck on line 06

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel

**Broni** · August 18th, 2010, 06:37 PM

Make sure to disable AVG.

**Drs Orders** · August 18th, 2010, 06:47 PM

Is there a trick to it Broni. Says he tried through the avg control , the sys icon , and miconfig and when he ran combofix it said it was still running .

**Broni** · August 18th, 2010, 06:56 PM

Yeah, AVG is like that...build in very deeply.
I suggest, he uninstall completely using AVG Remover: http://www.avg.com/us-en/download-tools
He can either reinstall it later, or switch to something else:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1...antivirus.html

**Drs Orders** · August 20th, 2010, 03:40 AM

"OK , I removed AVG through add/remove and also through the registry so it's gone , I did download Avast first but didn't install it , I ran the OTL scan again and it's still stuck on O6 and won't budge so I rebooted and installed Avast , ran it and no viruses there .... "

**Drs Orders** · August 20th, 2010, 02:28 PM

Originally Posted by Drs Orders

"OK , I removed AVG through add/remove and also through the registry so it's gone , I did download Avast first but didn't install it , I ran the OTL scan again and it's still stuck on O6 and won't budge so I rebooted and installed Avast , ran it and no viruses there .... "

Last response from him.

when I ran the scan it didn't say anything about AVG running that time , it just stopped at line O6 ?

**Broni** · August 20th, 2010, 04:39 PM

I removed AVG through add/remove and also through the registry

This is not exactly what I asked for, is it?
Please, run AVG Remover and run OTL script again.
If still no go, remove O6 line from my script and run it that way.

**Drs Orders** · August 20th, 2010, 05:33 PM

No , not at all. Those were quotes from him.
Sent him this last post .

**Broni** · August 20th, 2010, 06:39 PM

OK

**Drs Orders** · August 20th, 2010, 07:22 PM

Quote .. Now it stops at O7 , I'll remove it too and try again ..

All processes killed
========== OTL ==========
No active process named Program was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
File not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\G-Zapper not found.
File C:\Program Files\G-Zapper\GZapper 2.5.E File not not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\WINDOWS\002825_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET29.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Unable to delete ADS C:\Documents and Settings\All .
Unable to delete ADS C:\Documents and Settings\All .
Unable to delete ADS C:\Documents and Settings\All .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
C:\Program Files\G-Zapper\Backups folder moved successfully.
C:\Program Files\G-Zapper folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3785594 bytes

User: NetworkService
->Temp folder emptied: 995320 bytes
->Temporary Internet Files folder emptied: 10217657 bytes

User: Paul
->Temp folder emptied: 40374334 bytes
->Temporary Internet Files folder emptied: 716712 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 48661032 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 6846 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11210859 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Paul
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08202010_175459

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

**Broni** · August 20th, 2010, 07:27 PM

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

.....

**Drs Orders** · August 20th, 2010, 08:13 PM

OTL logfile created on: 8/20/2010 7:58:47 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 212.84 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZED
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2010/08/10 12:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/21 10:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/06/24 20:56:50 | 001,175,628 | ---- | M] () -- C:\Program Files\G-Zapper\GZapper 2.5.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/12 10:31:54 | 000,121,856 | ---- | M] (Tom Grandgent) -- C:\Documents and Settings\Paul\Desktop\tmail.exe

========== Modules (SafeList) ==========

MOD - [2010/08/17 19:30:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 05:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/08/10 12:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2010/08/10 12:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/19 22:52:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/21 10:33:10 | 000,947,464 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe -- (Rx2Engine)
SRV - [2010/01/21 10:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe -- (Rx2Agent)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/07/26 15:46:38 | 000,073,728 | ---- | M] (ISOTA, LLC.) [Disabled | Stopped] -- C:\Program Files\Isota\ABCSpell\ABCSpellService.exe -- (ABCSpell Helper Service)
SRV - [2006/07/25 16:54:54 | 000,849,408 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/29 17:12:11 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/16 16:23:35 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2010/04/16 16:23:35 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/04/16 16:23:35 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/04/16 16:22:04 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/22 12:33:08 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/05/16 18:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/07/25 16:54:02 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/07/25 16:52:46 | 000,031,488 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/07/25 16:51:56 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/08/15 13:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005/08/15 13:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2002/12/10 18:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002/05/21 05:50:00 | 000,013,060 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2001/08/17 09:28:04 | 000,347,550 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56tpi.sys -- (Edspport)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/11 09:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 22:54:00 | 000,000,000 | ---D | M]

[2010/02/08 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2010/08/20 16:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions
[2010/02/08 17:38:00 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/02/08 18:43:22 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/11 11:50:05 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/05/09 13:20:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 15:30:03 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/05/04 15:42:31 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
[2010/08/17 19:30:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/20 18:09:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/06/17 10:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/02/12 15:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/06 19:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
[2010/02/22 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\rxmnocmt.default\extensions\[email protected]
[2010/08/20 16:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/17 22:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

**Drs Orders** · August 20th, 2010, 08:16 PM

O1 HOSTS File: ([2010/08/17 11:32:12 | 000,000,091 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 www.google-analytics.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [G-Zapper] C:\Program Files\G-Zapper\GZapper 2.5.E File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: phonedetective.com ([www] https in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/29 17:13:23 | 000,000,300 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/08/20 18:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\G-Zapper
[2010/08/20 18:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/08/20 16:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Uniblue
[2010/08/20 10:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ForceField Shared Files
[2010/08/20 10:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\CheckPoint
[2010/08/20 10:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/08/19 22:21:42 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/19 22:21:42 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/19 22:21:41 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/08/19 22:21:40 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/19 22:21:39 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/19 22:21:38 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/19 22:21:38 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/19 22:21:38 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/19 22:21:11 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/19 22:21:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/19 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/19 21:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/18 19:18:22 | 001,346,042 | ---- | C] ( ) -- C:\Documents and Settings\Paul\My Documents\gzappersetup.exe
[2010/08/17 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/17 22:35:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/17 19:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/08/17 11:23:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/14 19:16:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/14 19:09:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/08/14 08:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/08/13 10:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Sounds
[2010/08/12 20:00:35 | 000,000,000 | ---D | C] -- C:\6a90c1337582c2e567f20e
[2010/08/12 06:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/11 14:39:40 | 003,205,656 | ---- | C] (Garmin International) -- C:\Documents and Settings\Paul\My Documents\garminmapupdater_naeu_g.exe
[2010/08/11 14:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\GARMIN
[2010/08/11 14:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/08/11 14:24:35 | 006,440,112 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\Communicator.exe
[2010/08/10 19:36:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Recent
[2010/08/10 12:26:36 | 000,237,320 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/08/10 00:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/08/07 09:33:32 | 002,133,040 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Paul\My Documents\avg_avw_stb_all_9_115.exe
[2010/08/03 23:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/07/24 10:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\My Pictures
[2010/07/23 18:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\My Pics
[2010/07/18 12:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/07/17 22:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\OSS
[2010/07/14 09:41:31 | 000,000,000 | ---D | C] -- C:\00c5da6a8598ca1b77
[2010/07/05 09:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Adobe Photoshop Lightroom 3
[2010/06/27 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2010/06/27 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Pos Pro
[2010/06/20 19:39:18 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0651.old
[2010/06/20 19:39:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0652.old
[2010/06/20 19:38:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/20 19:38:41 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/20 19:38:41 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/20 19:38:32 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\PC Tools
[2010/06/20 19:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/19 23:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/19 22:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/19 22:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/19 22:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/06/19 06:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/16 09:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/16 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/16 09:23:22 | 000,000,000 | ---D | C] -- C:\3a88b443a6665e4f2a519c
[2010/06/14 13:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ImageStudio
[2010/06/13 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\skypePM
[2010/06/13 19:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Skype
[2010/06/13 19:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/13 19:08:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/06/13 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/06/11 10:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ACD Systems
[2010/06/11 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Acdsee Pro v3.0 Build 386
[2010/06/10 20:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ZoomBrowser EX
[2010/06/10 20:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\CANON_INC
[2010/06/10 19:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Canon
[2010/06/10 19:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010/06/06 14:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\AKVIS LLC
[2010/06/06 14:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AKVIS
[2010/06/06 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Downloaded Installations
[2010/04/16 16:23:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

Thread: [RESOLVED] Google redirect

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Posting Permissions