
Browser Redirecting

Discussion in 'Malware Removal Help' started by charlied1, Jun 20, 2011.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    That is very odd, I have never heard of that before.

    Try downloading CF to your desktop and then just click on it to run it.... don't add the script this time.
    If the same thing happens I'll ask the developer about the problem.
     
  2. charlied1

    charlied1 Registered Members

    Joined:
    Jul 28, 2010
    Messages:
    110
    Location:
    Louisiana
    Operating System:
    Windows 7
    I downloaded again and tried to run it just by itself and it does the same thing. Don't ask me where it goes, I have looked for it and can't find it..... But one thing I have posted below, don't know if it helps or not, but a lot of times when I try to click a link and go to a website it redirects me, but before the site downloads I click the back button. This is what the page looks like when I do that............. This is where I tried to go to combofix and download it from another place but got redirected:



    <?xml version="1.0" ?>
    <SearchSuggestion version="2.0" xmlns="http://opensearch.org/searchsuggest2">
    <Query>combofix</Query>
    <Section title="Google Suggestions">
    <Item>
    <Text>combofix</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix download</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix.exe</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix download bleeping</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix windows 7</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix.org</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix cnet</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix.exe download</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix review</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    <Item>
    <Text>combofix uninstall</Text>
    <Image source="/images/cleardot.gif" alt="f" width="1" height="1" align="middle" />
    </Item>
    </Section>
    </SearchSuggestion>
     
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi charlied1

    Let's try a different approach.

    Step 1
    Please update MBAM and run another scan:
    Start MBAM
    Click on the Update tab

    Click Check for Updates

    The latest Database Version is: 6929

    If it says that MBAM needs to close to update it... let it close and then restart.
    Then click the Scan button.

    Don't forget:

    Step 2
    Download Dr.Web CureIt to the desktop:
    • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking the X in the upper right corner.


    In your next reply, please submit:
    MBAM scan report
    Dr Web report.

    Please Note:
    Dr Web may take a few hours to run, so don't run it if you're in a hurry. ;)


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
  4. charlied1

    charlied1 Registered Members

    Well Starbuck, I ran the Dr.Web CureIt and everything went exactly like you said until after it was finished and it had done its thing. I made the mistake of minimizing it and found myself unable to do anything, couldn't get the desktop back up or anything. HOWEVER, I restarted the computer and THE BUG IS GONE!!!!! Before I minimized it I noticed it found one thing in the sys32/driver file.. I do not know if it saved that log or not but I would really like to know where I would find it if it did..... But as you can imagine I am one happy man right now. I was one more day from a clean install.... YOU DA MAN!!!!! :)
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi charlied1

    In the enhanced protection mode Dr.Web CureIt! is run on a protected desktop where no other application can be launched.
    This would have been why you couldn't do anything while it was still running.

    Unfortunately you have to click to save the report at the end.

    Sounds like we're making headway now.
    Did you run the updated MBAM scan?
    If so, and anything was found, please let me have the report.


    Can you let me have another OTL report so that I can check to see if all the traces of AVG have been removed.

    Please use these instructions:

    Double-click on OTL to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    Thanks
     
  6. charlied1

    charlied1 Registered Members

    I am away from the computer for another hr or so, but as soon as I get back in front of it I will send the report... I ran Malwarebytes but it found nothing.
     
  7. charlied1

    charlied1 Registered Members

    OTL Extras logfile created on: 6/23/2011 5:25:56 PM - Run 7
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Dorothy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.42% Memory free
    5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.19% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 440.61 Gb Free Space | 94.60% Space Free | Partition Type: NTFS
    Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COMPUTER_5 | User Name: Dorothy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\ARGA\MainMenu\TarLAOKPkg2008.exe" = C:\ARGA\MainMenu\TarLAOKPkg2008.exe:*:Enabled:TarLAOKPKG -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{02AF8333-27BE-35F1-B5B6-EBCD89F846AF}" = Catalyst Control Center Localization Spanish
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0C5AA351-4C6B-8452-0DEB-DD9FFF4DB53F}" = CCC Help Chinese Standard
    "{0D94B4A1-E09B-87B8-5FFD-6F720B5430BD}" = CCC Help French
    "{0FA8B0C1-CBBD-5348-CA3F-B6EE90B7F186}" = Catalyst Control Center Graphics Light
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{137603DC-0050-D41D-DAEF-9CC1D6899B7B}" = Catalyst Control Center Localization Chinese Traditional
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A6570E5-D0C8-CEC5-C8AE-EE6EB1C72286}" = CCC Help German
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4547C5-F62E-BA06-17D7-37EDB842D0FA}" = CCC Help Korean
    "{2191089C-FCB6-0DE1-8DFA-62481BA15887}" = CCC Help Polish
    "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23DBDF71-1070-B12D-DE81-3DE82BD0EE0F}" = Catalyst Control Center Localization Japanese
    "{260954A3-6960-C01E-6F40-1CE0A93BF626}" = Catalyst Control Center Localization German
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
    "{2822B2F8-1509-1CCC-D6B4-488085F4DB4F}" = CCC Help Finnish
    "{29B36F38-1071-DE31-F13F-AB772EACB520}" = CCC Help Dutch
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{382B1538-6CF7-D096-0943-1CC4697BD96C}" = CCC Help Japanese
    "{3972733B-D4D3-D199-94AC-ED8C897A5D77}" = CCC Help Swedish
    "{434E3EEC-60B2-F0EF-41F7-2D2D18DC120E}" = CCC Help Norwegian
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{497C2376-FB2E-C042-7AE0-143AED4D04FB}" = Catalyst Control Center Core Implementation
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6DF1FE-DA7B-9A5B-01AA-091314B3BFEE}" = Catalyst Control Center Graphics Full New
    "{534FA2AB-C09D-F3F8-355B-74289B4A25B0}" = CCC Help Spanish
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{5B1172A6-1EF8-55B9-B6D1-E88DAF7461A0}" = Catalyst Control Center Localization Czech
    "{5B1F1DF4-BBF7-A78C-8BE5-4F12A1964638}" = Skins
    "{5E2A655C-F4C2-CDE8-D463-78865149ABAF}" = Catalyst Control Center Graphics Full Existing
    "{626C2AA3-7E89-5A04-F774-C0E016399765}" = Catalyst Control Center Localization Danish
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{687BE4C6-3F13-BB68-41D0-D2ACBE9657E4}" = Catalyst Control Center Localization Norwegian
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7098EEF7-5B96-F14D-E07D-44169831FE89}" = ccc-core-preinstall
    "{79E2005B-4D5D-3C7A-D85A-21E24F693607}" = Catalyst Control Center Localization Greek
    "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
    "{7D08B393-0FBF-F9D4-1EF0-7088B5A4FFE4}" = Catalyst Control Center Localization Dutch
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88589E54-FDD1-9333-DED9-BCE0155E9241}" = ccc-utility
    "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B43AE66-21A4-1534-3804-E2E5B0B1B74B}" = Catalyst Control Center Localization Italian
    "{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{98927BFC-813F-3A04-A75C-6E131E31F34D}" = CCC Help English
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE22123-D4EE-4D3A-BE87-B5B2622537EF}" = Catalyst Control Center - Branding
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4C6B25C-F9C5-3AD8-AF30-260DF75C23D3}" = CCC Help Turkish
    "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
    "{A8747D14-8760-1A5B-70C9-D30C3DC2E5C8}" = Catalyst Control Center Localization Thai
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
    "{B582A79C-312D-3673-5A6C-54F3EE7CDDDA}" = Catalyst Control Center Localization Polish
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BE88C27E-9418-D76D-BA11-D127932DD6A8}" = Catalyst Control Center Localization Russian
    "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1CA7048-1331-D216-8648-DE0AD1C2D2D2}" = Catalyst Control Center Localization Turkish
    "{C3020228-A899-0F93-1168-E9D8AFDB3755}" = Catalyst Control Center Localization Chinese Standard
    "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
    "{C67E3460-4EA6-C3B0-DA09-D2613FE52083}" = Catalyst Control Center Localization Swedish
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEFB064E-A177-1354-ECBE-2F752819F4F3}" = Catalyst Control Center Localization Hungarian
    "{CEFFFB30-308B-B39C-E9D5-C804BB35F76D}" = CCC Help Russian
    "{CFAF67D2-FD21-D3DE-E095-1CB4AF3D8DE4}" = ccc-core-static
    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D3BE386D-4A1F-D06B-51F3-B9C010FB60B7}" = Catalyst Control Center Localization Portuguese
    "{D810B249-16C2-78C4-BC52-04333C4EEED4}" = CCC Help Greek
    "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
    "{DAF37B83-F3A5-626F-B9E2-9B931B37C653}" = CCC Help Czech
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E13CDA67-9248-54B4-127A-C1BE8FCF54AA}" = CCC Help Portuguese
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
    "{E6EA750D-733D-5CFB-FE09-FE9D2965870A}" = Catalyst Control Center Localization Finnish
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{E8A6BB83-F875-53E1-6BC4-EDD490B68988}" = CCC Help Chinese Traditional
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{E9D314E9-A0BE-3B0F-7301-86928C6CF336}" = CCC Help Hungarian
    "{EA684ACD-4EE8-3ACE-9D2A-19B86C156DC0}" = Catalyst Control Center Localization Korean
    "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F166954A-2FBD-B21E-D823-C9072424B1B3}" = CCC Help Thai
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F465A8CB-63C4-56FD-EE07-D176CEB333DA}" = CCC Help Danish
    "{F54AD6C3-0E7D-8706-AACE-D42F889FC7FF}" = Catalyst Control Center Localization French
    "{F706E9C5-7543-FE75-2B75-B46E56EEF062}" = CCC Help Italian
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "AccuAuto for Windows" = AccuAuto for Windows
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ARGA Rating Menu" = ARGA Rating Menu
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 1.99.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee Internet Security
    "WinZip" = WinZip

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 6/21/2011 4:30:00 PM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 6/21/2011 6:30:06 PM | Computer Name = COMPUTER_5 | Source = BROWSER | ID = 8009
    Description = The browser was unable to promote itself to master browser. The computer
    that currently believes it is the master browser is WEEZY-PC.

    Error - 6/21/2011 9:55:39 PM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 6/21/2011 11:30:00 PM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 6/22/2011 4:30:00 AM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 6/22/2011 10:48:32 AM | Computer Name = COMPUTER_5 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSEH

    Error - 6/22/2011 11:30:00 AM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 6/22/2011 2:06:04 PM | Computer Name = COMPUTER_5 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSEH

    Error - 6/23/2011 2:30:51 PM | Computer Name = COMPUTER_5 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVGIDSEH

    Error - 6/23/2011 3:30:04 PM | Computer Name = COMPUTER_5 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


    < End of report >
    _______________________________________________________________________________________________________________________

    OTL logfile created on: 6/23/2011 5:25:56 PM - Run 7
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Dorothy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.42% Memory free
    5.09 Gb Paging File | 4.49 Gb Available in Paging File | 88.19% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.75 Gb Total Space | 440.61 Gb Free Space | 94.60% Space Free | Partition Type: NTFS
    Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: COMPUTER_5 | User Name: Dorothy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Dorothy\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Dorothy\Desktop\OTL.exe (OldTimer Tools)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (0162351308866908mcinstcleanup) McAfee Application Installer Cleanup (0162351308866908) -- C:\WINDOWS\Temp\0162351308866908mcinst.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys ()
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (SASKUTIL) -- C:\Documents and Settings\Dorothy\Local Settings\Temp\SAS_SelfExtract\saskutil.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SASDIFSV) -- C:\Documents and Settings\Dorothy\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKLM\software\mozilla\Firefox\extensions\\gcffxtbr@WeatherBlink.com: C:\Program Files\WeatherBlink\bar\1.bin [2011/06/20 09:07:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 15:15:23 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/06/23 15:11:52 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511092843.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275605401658 (WUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.174.16.4 204.174.18.2
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dorothy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/03 17:26:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/29 04:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009/04/29 04:02:01 | 000,270,336 | R--- | M] (LG Electronics)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/23 17:08:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/06/23 17:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/06/23 13:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\DoctorWeb
    [2011/06/22 21:33:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2011/06/22 21:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2011/06/22 21:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2011/06/22 21:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/06/22 21:26:35 | 000,233,976 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
    [2011/06/22 21:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/06/22 21:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/06/22 21:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/06/22 19:28:38 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dorothy\Desktop\mseinstall.exe
    [2011/06/22 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\Start Menu\Programs\BrowserPlus
    [2011/06/22 13:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\Local Settings\Application Data\Yahoo!
    [2011/06/22 13:10:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/21 17:16:54 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dorothy\Desktop\tdsskiller.exe
    [2011/06/21 08:59:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/06/21 07:58:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/06/21 07:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/06/21 07:45:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dorothy\Recent
    [2011/06/21 07:24:44 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/21 07:24:18 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/06/21 07:00:25 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
    [2011/06/21 07:00:22 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
    [2011/06/20 22:28:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorothy\Desktop\OTL.exe
    [2011/06/20 19:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2011/06/20 10:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2011/06/20 09:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2011/06/19 23:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\Application Data\vlc
    [2011/06/17 17:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\Application Data\SUPERAntiSpyware.com
    [2011/06/17 17:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/06/17 15:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/17 15:26:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/17 15:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/17 13:40:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/05/26 12:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/23 17:00:35 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/23 17:00:23 | 000,054,376 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2011/06/23 17:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/23 16:59:38 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2011/06/23 15:30:11 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/23 15:11:52 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/23 14:03:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/23 13:30:53 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/06/22 22:24:13 | 000,599,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/06/22 21:19:44 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\sdsetup_aff (1).exe
    [2011/06/22 20:58:17 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/06/22 20:54:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/22 19:28:38 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dorothy\Desktop\mseinstall.exe
    [2011/06/22 18:54:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/06/22 17:34:16 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\Preparation for Malware removal help - Computer Help Forums.url
    [2011/06/21 17:16:57 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dorothy\Desktop\tdsskiller.exe
    [2011/06/21 09:04:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dorothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/06/21 08:41:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/21 07:58:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/06/21 03:54:50 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\volsnap.sys
    [2011/06/20 22:28:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorothy\Desktop\OTL.exe
    [2011/06/20 19:22:54 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\hijackthis_sfx.exe
    [2011/06/20 08:15:29 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
    [2011/06/20 07:59:25 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\http--clients5.google.com-complete-searchhl=en-us&q=facebook&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8.url
    [2011/06/19 16:52:41 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Dorothy\My Documents\cc_20110619_165238.reg
    [2011/06/18 09:12:08 | 000,001,350 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2011/06/17 15:26:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/17 14:15:20 | 000,118,820 | ---- | M] () -- C:\Documents and Settings\Dorothy\My Documents\cc_20110617_141516.reg
    [2011/06/17 11:42:03 | 054,936,320 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\1995.QDF
    [2011/06/16 10:47:29 | 000,000,427 | ---- | M] () -- C:\WINDOWS\TaskGrid.cfg
    [2011/06/13 09:04:28 | 000,001,536 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/26 12:25:38 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\Dorothy\Desktop\AccuAuto.Net.url
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/22 21:26:41 | 000,599,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/06/22 21:21:12 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Dorothy\Desktop\sdsetup_aff (1).exe
    [2011/06/22 19:27:55 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/06/21 09:04:54 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dorothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/06/21 09:04:54 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Dorothy\Start Menu\Programs\Internet Explorer.lnk
    [2011/06/21 08:40:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/06/21 07:57:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/06/20 22:34:07 | 000,000,333 | ---- | C] () -- C:\Documents and Settings\Dorothy\Desktop\Preparation for Malware removal help - Computer Help Forums.url
    [2011/06/20 19:22:54 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\Dorothy\Desktop\hijackthis_sfx.exe
    [2011/06/20 07:59:25 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Dorothy\Desktop\http--clients5.google.com-complete-searchhl=en-us&q=facebook&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8.url
    [2011/06/19 16:52:40 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Dorothy\My Documents\cc_20110619_165238.reg
    [2011/06/18 09:12:08 | 000,001,350 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2011/06/17 15:26:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/17 14:15:17 | 000,118,820 | ---- | C] () -- C:\Documents and Settings\Dorothy\My Documents\cc_20110617_141516.reg
    [2011/05/26 12:25:38 | 000,000,227 | ---- | C] () -- C:\Documents and Settings\Dorothy\Desktop\AccuAuto.Net.url
    [2011/05/13 14:01:48 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/03/31 14:43:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/09/06 11:47:45 | 000,139,620 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
    [2010/09/06 11:47:45 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
    [2010/06/29 11:16:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/04 14:01:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2010/06/04 13:32:43 | 000,616,960 | ---- | C] () -- C:\WINDOWS\System32\ravepack.dll
    [2010/06/04 13:18:58 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2010/06/03 20:07:21 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Dorothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/03 19:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/06/03 18:38:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2010/06/03 18:38:18 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010/06/03 18:38:18 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010/06/03 18:38:18 | 000,176,216 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010/06/03 17:50:41 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010/06/03 17:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/06/03 17:23:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/06/03 12:17:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/06/03 12:16:12 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/11/26 23:45:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/11/26 23:45:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/11/26 23:45:08 | 000,458,736 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/11/26 23:45:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/11/26 23:45:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/11/26 23:45:08 | 000,077,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/11/26 23:45:08 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
    [2008/11/26 23:45:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/11/26 23:45:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/11/26 23:45:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/11/26 23:45:08 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/11/26 23:45:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/11/26 23:45:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/07/31 01:00:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
    [2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/08/22 05:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2007/08/22 03:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  8. starbuck

    Hi charlied1

    Let's clean up a few entries from the other programs you used... just to make sure they've gone.
    Your Java also needs updating.

    Step 1
    Double click on OTL to run it.
    Copy the lines in bold below (make sure that :Otl is on the first line).

    :Otl
    SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- File not found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    [2011/06/21 07:58:45 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/06/21 07:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2011/06/17 17:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorothy\Application Data\SUPERAntiSpyware.com
    [2011/06/17 17:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/06/23 13:30:53 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/06/22 18:54:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    :commands
    [emptytemp]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the red Run Fix button.
    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 26 and save it to your desktop.
    • Scroll down to where it says "Java SE 6 Update 26".
    • Click the "Download JRE" button to the right.
    • Accept the license agreement.
    • Select 'Windows x86 offline' from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version.


    In your next reply, please submit:
    OTL fix report
    and let me know if Java updated ok.


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
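The helper's fix above was built by hand from the OTL report: the orphaned URLSearchHook and the alternate data stream went into the :Otl block, while other oddities in the log (a vendor driver unpacked under Temp, the DHCP name servers) were left alone. The script below is an added example, written for this page and not part of OTL, the thread, or the helper's procedure. It reads OTL log lines of the shapes visible in the report (DRV, IE, O1 Hosts, O17 DhcpNameServer, @Alternate Data Stream), flags the entry types a redirect investigation looks at first, and assembles only the safely removable ones into a fix in the layout the helper used. The regular expressions are this example's own reading of those line formats, the reason labels are names chosen here, and the sample input is constructed: it copies lines from the report plus one made-up hosts entry (the `.test` domain) so the hosts check has something to find.

```python
"""Triage a few OTL (OldTimer's List-It) log line shapes for redirect clues.

Example code added to this thread; it is not part of OTL and not the
helper's own procedure. The regexes are this example's reading of the line
formats visible in the report, and the reason labels are hypothetical.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines taken from the OTL report in the thread,
# plus ONE made-up hosts entry (the .test domain) so the hosts check fires.
SAMPLE_LOG = r"""
DRV - (SASKUTIL) -- C:\Documents and Settings\Dorothy\Local Settings\Temp\SAS_SelfExtract\saskutil.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-vendor.test
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.174.16.4 204.174.18.2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""


@dataclass(frozen=True)
class Finding:
    reason: str   # why a helper would look twice at this line
    line: str     # the OTL line, unchanged, so it can be pasted into a fix


HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DRV_RE = re.compile(r"^DRV - \([^)]+\) -- (.+?) \(")        # group 1 = driver path
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> ")
DNS_RE = re.compile(r"DhcpNameServer = ")

LOCAL_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}
# Driver images living under a user's Temp directory are unusual enough to review.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\")


def triage(log_text: str) -> list:
    """Return one Finding per OTL line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "File not found" in line or "Reg Error" in line:
            findings.append(Finding("orphaned entry", line))
        elif "URLSearchHook" in line:
            findings.append(Finding("search hook", line))
        elif (m := HOSTS_RE.match(line)) and m.group(2).lower() not in LOCAL_HOSTS:
            findings.append(Finding("hosts override", line))
        elif (m := DRV_RE.match(line)) and any(t in m.group(1).lower() for t in TEMP_MARKERS):
            findings.append(Finding("driver in temp dir", line))
        elif ADS_RE.match(line):
            findings.append(Finding("alternate data stream", line))
        elif DNS_RE.search(line):
            findings.append(Finding("verify DNS servers", line))
    return findings


# Only these categories are turned into removals automatically; the rest are
# left for a human (a vendor driver unpacked into Temp is not malware by itself).
FIX_REASONS = frozenset({"orphaned entry", "alternate data stream"})


def to_otl_fix(findings, reasons=FIX_REASONS) -> str:
    """Assemble an OTL custom fix in the layout used in the thread:
    an :Otl block of log lines to remove, then :commands with [emptytemp]."""
    lines = [f.line for f in findings if f.reason in reasons]
    return "\n".join([":Otl", *lines, "", ":commands", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason}] {f.line}")
    print(to_otl_fix(found))
```

Run on the sample, the generated fix contains exactly two of the lines the helper pasted (the orphaned URLSearchHook and the TEMP:DFC5A2B2 stream) and nothing else. The other flags are deliberately review-only: the SUPERAntiSpyware drivers under Temp belong to a tool the user ran and the helper did not remove them; the O34 BootExecute "File not found" entry in the report would also trip the orphaned-entry check, and the helper left it out of the fix as well; and the O17 DhcpNameServer addresses are worth comparing with what the ISP actually hands out, since a changed resolver is one way a redirect can survive a browser cleanup, but they are not something to delete.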
