Page 6 of 6 FirstFirst ... 23456
Results 51 to 60 of 60

Thread: used pc is being cyber abused

  1. 2011-09-26, 00:07 #51
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi musicalpulltoy,

    You should be able to change the default search engine back to google by typing about:config in the FireFox address field. Locate browser.search.defaultenginename, right click and click reset. Or right click and click moify and type Google in the box and click ok.
    Member of UNITE and ASAP
  2. 2011-09-29, 21:53 #52
    musicalpulltoy
    musicalpulltoy is offline
    Senior Member musicalpulltoy's Avatar
    Join Date
    Mar 2009
    Posts
    104

    Default

    hi
    we did that before.
    some where icerdimail lurks waiting to return.
    its done it already.
  3. 2011-09-29, 23:48 #53
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi musicalpulltoy,

    Click your start button > Control panel > add/remove programs and uninstall incredimail if it's present.

    Download OTL to your desktop
    Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :services

:Files
c:\documents and settings\dad\local settings\application data\IM
c:\documents and settings\all users\application data\IncrediMail
c:\documents and settings\all users\application data\IM

:Commands
[createrestorepoint]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Reboot your computer


    Next open FireFox. In the address bar type about:config hit enter. Click "I promise to be careful."

    Scroll down to

    browser.search.defaulturl right click and click reset

    Do the same for each of these

    browser.startup.homepage
    keyword.URL

    Next, in the Filter field just above the list type incredimail. Right click and click reset on any entries that are listed.

    Open OTL check the box beside scan all users and click the Run scan button.

    Please post back with both OTL logs, OTL.txt and Extra.txt

    Is incredimail still there?
    Member of UNITE and ASAP
  4. 2011-10-02, 01:52 #54
    musicalpulltoy
    musicalpulltoy is offline
    Senior Member musicalpulltoy's Avatar
    Join Date
    Mar 2009
    Posts
    104

    Default

    hi *<];-)
    i had uninstalled it.
    this time its all out of "all users" though

    OTL logfile created on: 10/1/2011 3:02:53 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\DAD\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.24 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 51.14% Memory free
    4.22 Gb Paging File | 3.77 Gb Available in Paging File | 89.34% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.21 Gb Total Space | 11.37 Gb Free Space | 33.24% Space Free | Partition Type: NTFS
    Drive E: | 232.88 Gb Total Space | 159.77 Gb Free Space | 68.60% Space Free | Partition Type: NTFS

    Computer Name: DJJXF091 | User Name: DAD | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/30 23:32:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
    PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2011/03/16 15:32:59 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [Disabled | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
    SRV - File not found [Disabled | Stopped] -- -- (DirMon2)
    SRV - File not found [Auto | Stopped] -- -- (DCService.exe)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
    DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
    DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
    DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
    DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
    DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
    DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
    DRV - [2008/03/11 15:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
    DRV - [2008/03/11 15:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
    DRV - [2008/03/11 15:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
    DRV - [2008/03/11 15:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
    DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2007/04/23 14:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2006/02/23 14:58:25 | 000,167,808 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2005/12/14 21:03:19 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/05/12 22:17:00 | 000,457,312 | R--- | M] (Atheros Communications, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N3AB.sys -- (N3AB)
    DRV - [2005/03/14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
    DRV - [2001/08/17 13:50:20 | 000,114,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epstw2k.sys -- (epstw2k)
    DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiSV.sys -- (SiSV)
    DRV - [2001/08/17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
    DRV - [1999/05/28 14:53:30 | 000,150,872 | R--- | M] (Trident Microsystems Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\TridWnW.sys -- (TridWnW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
    FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
    FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
    FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
    FF - prefs.js..extensions.enabledItems: jsdeobfuscator@adblockplus.org:1.5.7
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.10
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/17 16:44:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 08:27:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 20:38:57 | 000,000,000 | ---D | M]

    [2009/11/23 22:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Extensions
    [2011/09/27 02:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions
    [2010/11/07 10:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/14 16:22:47 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
    [2011/09/07 19:41:45 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
    [2011/07/31 18:11:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2011/08/18 08:34:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2011/09/27 00:14:34 | 000,000,000 | ---D | M] (WorldIP) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
    [2011/07/13 05:36:08 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\anttoolbar@ant(2).com
    [2011/09/27 02:18:16 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firebug@software.joehewitt.com
    [2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firefox@ghostery.com
    [2011/07/13 05:36:10 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\flashfirebug@o-minds(2).com
    [2011/09/27 02:14:47 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\inspector@mozilla.org
    [2011/09/27 00:13:32 | 000,000,000 | ---D | M] (JavaScript Deobfuscator) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\jsdeobfuscator@adblockplus.org
    [2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\conduit.xml
    [2011/08/26 23:22:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\MyStart Search.xml
    [2011/09/27 02:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/18 08:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    [2011/09/17 16:44:50 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/08/18 08:45:29 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_1\plugins/avgnpss.dll
    CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

    O1 HOSTS File: ([2011/09/07 17:56:45 | 000,436,608 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15043 more lines...
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
    O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled [2011/09/01 03:51:19 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1246219383859 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 68.105.28.11,68.105.28.12,68.105.29.12
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/01 14:37:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/09/30 23:32:49 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
    [2011/09/23 17:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\gtk-2.0
    [2011/09/23 17:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\.thumbnails
    [2011/09/23 17:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\.gimp-2.6
    [2011/09/23 17:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\My Documents\gegl-0.0
    [2011/09/23 16:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
    [2011/09/23 16:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
    [2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\My Documents\My Drivers
    [2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Local Settings\Application Data\Innovative Solutions
    [2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2011/09/23 13:39:52 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\s3legacy.sys
    [2011/09/23 13:39:52 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
    [2011/09/23 13:39:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\s3legacy.dll
    [2011/09/23 13:39:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
    [2011/09/21 12:58:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\TFC.exe
    [2011/09/16 18:36:44 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
    [2011/09/16 18:35:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
    [2011/09/16 18:33:53 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2011/09/16 18:33:31 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/09/16 18:33:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/09/16 18:20:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
    [2011/09/16 18:20:23 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
    [2011/09/16 18:20:23 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
    [2011/09/16 18:20:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx
    [2011/09/16 18:20:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
    [2011/09/16 18:20:23 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
    [2011/09/16 18:06:03 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [2011/09/16 18:05:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2011/09/16 17:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/09/10 14:05:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/09/10 12:42:16 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004152_.tmp.dll
    [2011/09/10 12:39:23 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004145_.tmp.dll
    [2011/09/10 12:39:23 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004150_.tmp.dll
    [2011/09/10 12:39:22 | 000,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004138_.tmp.dll
    [2011/09/10 12:39:22 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004144_.tmp.dll
    [2011/09/10 12:39:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004139_.tmp.dll
    [2011/09/10 12:39:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004142_.tmp.dll
    [2011/09/10 12:39:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
    [2011/09/10 12:39:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004143_.tmp.dll
    [2011/09/10 12:39:21 | 000,724,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004134_.tmp.dll
    [2011/09/10 12:39:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004131_.tmp.dll
    [2011/09/10 12:39:20 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004125_.tmp.dll
    [2011/09/10 12:39:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004124_.tmp.dll
    [2011/09/10 12:39:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
    [2011/09/10 12:39:18 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004114_.tmp.dll
    [2011/09/10 12:39:18 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004111_.tmp.dll
    [2011/09/10 12:39:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004110_.tmp.dll
    [2011/09/10 12:39:18 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004115_.tmp.dll
    [2011/09/10 12:39:17 | 000,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004108_.tmp.dll
    [2011/09/10 12:39:16 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
    [2011/09/10 12:39:15 | 001,858,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
    [2011/09/10 12:39:15 | 001,850,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004100_.tmp.dll
    [2011/09/10 12:39:13 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004098_.tmp.dll
    [2011/09/10 12:39:12 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
    [2011/09/10 12:39:12 | 000,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\_004074_.tmp.dll
    [2011/09/10 11:41:02 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
    [2011/09/09 09:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\Safer Networking
    [2011/09/09 02:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2011/09/07 19:17:06 | 000,000,000 | ---D | C] -- C:\PerfLogs
    [2011/09/07 11:00:33 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2011/09/05 00:25:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [90 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/01 08:40:53 | 133,862,605 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/09/30 23:32:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
    [2011/09/30 19:06:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/30 19:04:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/27 01:13:30 | 000,037,540 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/09/27 01:11:45 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/09/27 00:30:42 | 000,006,841 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\ban.html
    [2011/09/26 03:08:46 | 000,079,608 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\Now Playing.wpl
    [2011/09/23 17:57:18 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\DAD\.recently-used.xbel
    [2011/09/23 14:48:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/09/21 13:14:55 | 000,167,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/21 12:58:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\TFC.exe
    [2011/09/20 13:34:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/19 09:56:09 | 000,465,563 | ---- | M] () -- C:\Documents and Settings\DAD\My Documents\ALLLYRICSTODATE.RTF
    [2011/09/17 16:45:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/09/16 20:06:18 | 000,463,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/09/16 20:06:18 | 000,079,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/09/14 15:49:36 | 000,760,320 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\MicrosoftFixit50389.msi
    [2011/09/10 15:32:35 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/09/10 15:32:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/09/10 11:57:20 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
    [2011/09/09 08:49:23 | 000,000,328 | -HS- | M] () -- C:\boot.ini
    [2011/09/09 02:12:31 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
    [2011/09/09 00:23:12 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/08 23:14:40 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
    [2011/09/07 17:56:45 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/07 17:48:13 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-175645.backup
    [2011/09/07 17:20:22 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-174812.backup
    [2011/09/07 17:17:48 | 000,436,163 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-172022.backup
    [2011/09/07 11:00:33 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2011/09/02 19:03:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-171748.backup

    ========== Files Created - No Company Name ==========

    [2011/09/27 00:30:42 | 000,006,841 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\ban.html
    [2011/09/24 07:51:03 | 000,079,608 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\Now Playing.wpl
    [2011/09/23 17:57:18 | 000,002,167 | ---- | C] () -- C:\Documents and Settings\DAD\.recently-used.xbel
    [2011/09/14 15:48:59 | 000,760,320 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\MicrosoftFixit50389.msi
    [2011/09/09 02:12:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/27 16:32:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
    [2011/05/28 00:47:06 | 000,037,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/04/30 11:53:26 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\TridTray.exe
    [2011/04/12 23:13:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/03/31 23:15:01 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
    [2011/03/31 00:26:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2009/12/27 18:30:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/05/08 20:58:20 | 000,002,230 | ---- | C] () -- C:\WINDOWS\BJWIN.INI
    [2009/05/08 20:48:40 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI
    [2009/03/19 20:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
    [2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/04/03 20:28:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DAD\Application Data\PFP120JPR.{PB
    [2007/04/03 20:28:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DAD\Application Data\PFP120JCM.{PB
    [2006/11/09 17:24:59 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2006/07/21 20:35:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\fusioncache.dat
    [2006/07/17 19:46:23 | 000,102,400 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2006/06/13 12:56:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
    [2006/05/21 15:46:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/12/26 23:00:38 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/12/26 18:58:09 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2005/12/23 17:34:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/12/14 21:19:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/14 21:12:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2005/12/14 21:04:02 | 000,004,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/14 21:02:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/12/14 20:41:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2005/12/14 20:41:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/12/14 20:41:10 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/10 11:57:15 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 11:51:20 | 000,463,932 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 11:51:20 | 000,079,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
    [2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe

    < End of report >
  5. 2011-10-02, 10:53 #55
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi musicalpulltoy,

    this time its all out of "all users" though
    Do you mean it's gone now?

    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services

:OTL
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found
    Then click the Run Fix button at the top
    • Let the program run unhindered
    Member of UNITE and ASAP
  6. 2011-10-03, 00:20 #56
    musicalpulltoy
    musicalpulltoy is offline
    Senior Member musicalpulltoy's Avatar
    Join Date
    Mar 2009
    Posts
    104

    Default

    hey
    done.
    yes incredimail folder is now gone.
  7. 2011-10-03, 02:10 #57
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi musicalpulltoy,

    If everything seems ok you can remove OTL. Open OTL and click the Clean Up button. The tool will remove itself.

    Take care.
    Member of UNITE and ASAP
  8. 2011-10-03, 21:10 #58
    musicalpulltoy
    musicalpulltoy is offline
    Senior Member musicalpulltoy's Avatar
    Join Date
    Mar 2009
    Posts
    104

    Default

    hey oldman
    finally had enough of me :-D
    youve been more then helpfull.
    THANK YOU MUCH!!
  9. 2011-10-03, 23:52 #59
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi musicalpulltoy,

    It's been a pleasure and you are more than welcome.

    Take care, keep safe.
    Member of UNITE and ASAP
  10. 2011-10-06, 01:15 #60
    oldman960
    oldman960 is offline
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Since this issue appears to be resolved ... this Topic has been closed.
    Member of UNITE and ASAP
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules