Page 1 of 9 12345 ... LastLast
Results 1 to 10 of 90

Thread: Redirect Problems San Jose CA

  1. 2010-11-06, 21:20 #1
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems San Jose CA

    My browser intermittently directs me to unwanted pages when I click a link. It also throws open new windows and goes to unwanted sites when the machine is unattended. Today I tried twice to run DDS as instructed here but both times it started the process and then rebooted Windows XP partway through. I'd be very grateful for any help. -- Jack Fischer
  2. 2010-11-15, 01:17 #2
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack Fischer ,

    Sorry for the delay.

    If you still need help, please delete the DDS file that you have and download a fresh copy from one of the links below. Please post new DDS logs.

    Link 1
    Link 2
    Link 3

    Otherwise, this topic will be closed after 3 days.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  3. 2010-11-16, 23:18 #3
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default

    I just found your email in my spam folder. Please don't close this thread. I'll download a new copy of dds to night and get back to you with results

    Thanks!

    jack
  4. 2010-11-18, 05:22 #4
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    I downloaded a new copy of dds as suggested and it did the same thing the old copy did when I tried to run it. It gathers information for a minute or two and then it reboots Windows without generating a file. What can we try now?

    Thanks and best,

    jack fischer
    san jose, ca
  5. 2010-11-18, 05:47 #5
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    I downloaded a new copy of dds as suggested and it did the same thing the old copy did when I tried to run it. It gathers information for a minute or two and then it reboots Windows without generating a file. What can we try now?
    Did a blue screen appear? The reboot must be caused by the automatic restart on system failure setting. We need to change that to be able to gather some information in case it reoccurs.

    Reboot your computer and tap on the F8 key repeatedly during startup. A menu will appear.

    Select Disable automatic restart on system failure by using the arrow keys and Enter.




    Please provide the error message information as shown in the picture when it happens:



    The stop error will be always be displayed, but the other information may or may not be available. Just provide whatever is available.

    --------------------

    Please download OTL© by OldTimer from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Scan with OTL
    • Double click on OTL.exe to run it.
    • Make sure all the Use SafeList options is checked (ticked). There are six of them.
    • Check Scan All Users.
    • At the lower right corner, check LOP Check and Purity Check.
    • Click on Run Scan at the top left hand corner. This might take a while.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
      Note: These files are saved as OTL.txt and Extras.txt on the desktop.


    --------------------

    Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

    Please download GMER and save it to your desktop. Click here.
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
    • If you need help to disable your protection programs see here and here.
    • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
    • In the right panel, you will see several boxes that have been checked (ticked).
      • Uncheck IAT/EAT
      • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
      • Uncheck Show All (don't miss this one)
    • Then click the Scan button and wait for it to finish.
    • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    • Enable back your security softwares as soon as you completed the GMER steps.
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.


    --------------------

    Please post back:
    1. the answer to my question about the blue screen
    2. error message from the blue screen if it happen again
    3. OTL logs (OTL.txt and Extras.txt)
    4. GMER result
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  6. 2010-11-19, 06:42 #6
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    I was able to get through all the steps except the last. The GMER application would start running as soon as it was launched and almost immediately crash the system and give me the same error message as when I tried to run DDS.

    That error information is as follows:
    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    TEHCNICAL INFO:

    STOP:0x000000D1 (0x0A140017,0x00000005,0x00000000,0xF77C6E3E)

    IdeChnDr.sys - Address F77C6E3E base at F77C3000,DateStamp 3bd89c65

    Here's the first log:

    OTL logfile created on: 11/18/2010 8:35:34 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
    Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    PRC - [2010/10/28 08:40:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/28 08:39:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 15:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 16:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
    PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
    PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
    PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
    PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
    SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
    SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
    SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 15:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
    DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
    DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
    DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
    DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
    DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
    DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
    DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
    DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
    DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
    DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
    DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
    DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
    DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
    DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
    DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
    DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
    DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
    DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
    DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 10:11:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 20:21:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/18 20:21:09 | 000,000,000 | ---D | M]

    [2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
    [2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
    [2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
    [2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
    [2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

    O1 HOSTS File: ([2010/06/05 17:01:14 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
    O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
    O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmg...C_1_0_0_41.cab (FilePlanet Download Control Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase9602.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1124349026031 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab (HouseCall Control)
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab (EPSImageControl Class)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell - "" = AutoRun
    O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6f61693c-091a-11dd-a5a9-00038a000015}\Shell\AutoRun\command - "" = E:\PortableVault.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/18 20:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    [2010/11/06 14:50:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/11/05 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWiSHzone.com
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/18 20:35:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    [2010/11/18 20:32:45 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
    [2010/11/18 20:32:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/18 20:31:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/18 20:30:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/18 20:30:43 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/18 20:21:10 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/11/18 20:18:57 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
    [2010/11/17 21:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/17 20:14:07 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
    [2010/11/15 21:42:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/13 15:59:43 | 000,249,722 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
    [2010/11/07 10:41:50 | 000,432,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 10:41:50 | 000,067,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/06 12:19:16 | 058,025,396 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
    [2010/11/04 17:53:49 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/17 20:14:05 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
    [2010/11/13 15:59:43 | 000,249,722 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
    [2010/11/06 12:12:21 | 058,025,396 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
    [2010/10/24 20:11:23 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
    [2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
    [2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
    [2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
    [2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
    [2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
    [2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
    [2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
    [2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
    [2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
    [2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
    [2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
    [2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
    [2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
    [2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
    [2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
    [2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
    [2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
    [2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
    [2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
    [2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
    [2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
    [2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
    [2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
    [2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
    [2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
    [2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
    [2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
    [2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
    [2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
    [2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
    [2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
    [2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
    [2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
    [2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
    [2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
    [2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
    [2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
    [2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
    [2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
    [2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
    [2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
    [2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
    [2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
    [1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

    ========== LOP Check ==========

    [2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
    [2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
    [2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
    [2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
    [2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
    [2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
    [2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
    [2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
    [2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
    [2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
    [2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
    [2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
    [2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
    [2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

    ========== Purity Check ==========



    < End of report >

    second log to follow in separate message.
  7. 2010-11-19, 06:43 #7
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Smile Redirect Problems in San Jose, CA

    extras log:

    OTL Extras logfile created on: 11/18/2010 8:35:34 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
    Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
    "{0C3831BF-D6CA-43A1-B32D-9A0CCCF9DD9E}" = Tunebite
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
    "{146ED22B-BC11-4017-BBE8-E393848AA92A}" = MUSICMATCH iPod Plug-in
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37306C0F-1248-4C2E-9B86-E964AAA81101}" = Minolta DiMAGE Scan Dual3 ver 1.0
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
    "{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}" = ArcSoft Magic-i 3
    "{DB978C71-BB58-4F94-AE95-18C119196937}" = ICC Color Profiles
    "{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EAE92D24-1E4B-4B3B-894D-622E942939DA}" = Google Desktop Plugin - eBay Watcher
    "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
    "3DGroove" = 3D Groove Playback Engine
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "ATI Display Driver" = ATI Display Driver
    "Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Elf Bowling 3" = Elf Bowling 3 (remove only)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ERUNT_is1" = ERUNT 1.1j
    "FreshDevices - FreshDiagnose_is1" = FreshDiagnose
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "hp deskjet 5550 series_Driver" = hp deskjet 5550 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Ink Monitor" = Ink Monitor
    "InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
    "InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
    "LameACM" = Lame ACM MP3 Codec
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "QTRgui" = QTRgui
    "Real Estate Transaction Viewer" = Real Estate Transaction Viewer
    "RealPlayer 6.0" = RealPlayer
    "REAP LITE" = REAP LITE
    "Shockwave" = Shockwave
    "Shutterfly Plugin" = Shutterfly Plugin
    "Sierra Uninstall" = Sierra On-Line Games (Remove only)
    "Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "USB Driver Vers. 3.2" = USB Driver Vers. 3.2
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2002Setup" = Microsoft Works 2002 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4624687

    Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4624687

    Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4628078

    Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4628078

    Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4630031

    Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4630031

    Error - 10/24/2010 4:23:09 PM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
    module xul.dll, version 1.9.2.3937, fault address 0x00720448.

    Error - 10/24/2010 4:23:18 PM | Computer Name = DELL | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 11/6/2010 3:22:15 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
    Description = The EPSON V3 Service2(02) service has reported an invalid current
    state 0.

    Error - 11/6/2010 4:05:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
    Description = The EPSON V3 Service2(02) service has reported an invalid current
    state 0.

    Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 11/11/2010 1:47:28 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
    Description = The MgiSvr service has reported an invalid current state 32.

    Error - 11/13/2010 4:44:00 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.9 for the Network Card with network
    address 00055D371377 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 11/18/2010 12:14:22 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
    Description = The EPSON V3 Service2(02) service has reported an invalid current
    state 0.

    Error - 11/19/2010 12:22:05 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
    Description = The EPSON V3 Service2(02) service has reported an invalid current
    state 0.


    < End of report >

    What's next?

    Best,

    jack
  8. 2010-11-20, 05:17 #8
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    Is this a business computer?

    Validate Windows
    • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis, please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in. Save this file and post it in your next reply.


    --------------------

    Check for additional security risks
    • Please download CKScanner© by askey127 and save to your desktop. Click here.
    • Double click on CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
    • Post the contents of ckfiles.txt in your reply, it is located on your desktop.


    --------------------

    Please download Rootkit Unhooker and save it to your desktop. Click here.
    • Extract the file to the desktop using 7-Zip or a suitable archive utility that handles RAR files.
    • Double click on RkU3.8.388.590.exe to run the installer and follow the steps accordingly.
    • Once complete, start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
    • Click the Report tab, then click Scan.
    • Ensure the following are checked (ticked):
      • Drivers
      • Stealth Code
      • Files
      • Code Hooks
    • Uncheck the rest, then click OK. An initial scan will be performed.
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
    • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
    • Save the report somewhere you can find it. Click Close to exit.
    • Copy the entire contents of the report and paste it in your next reply.


    You may get a warning about parasite detection. Please click OK to continue.

    --------------------

    Please post back:
    1. the answer to my question about your computer
    2. MGADiag result
    3. CKScanner log
    4. the Rookit Unhooker log
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  9. 2010-11-20, 21:31 #9
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Smile Redirect Problems in San Jose, CA

    Okay, did it all!

    It is a home computer, not a business computer. Here is the MGADiag result:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
    Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
    Windows Product ID: 55277-OEM-2111907-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.3.0.hom
    ID: {1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.17.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.7.17.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1078081533-688789844-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>DIM4400 </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20020108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>14E03EAF0184C06E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57456</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1E840:Dell Inc|112F5:Dell Inc|112F5:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A


    And here is CKScanner file. All it generated was this:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11
    ----- EOF -----


    And, last, here is the RKU report. The program wouldn't let me "save report." It was grayed out. But it had a quick report option and this is what it generated. It's way shorter than the full list the program generated:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->F2F55E96 [Unknown module filename]
    ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->F2F55E8C [Unknown module filename]
    ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->F2F55E9B [Unknown module filename]
    ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->F2F55EA5 [Unknown module filename]
    ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805AEE7B-->F2F55EAA [Unknown module filename]
    ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->F2F55E78 [Unknown module filename]
    ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->F2F55E7D [Unknown module filename]
    ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x8064F446-->F2F55EB4 [Unknown module filename]
    ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->F2F55EAF [Unknown module filename]
    ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->F2F55EA0 [Unknown module filename]


    What's next?

    Thanks and best,

    jack
  10. 2010-11-21, 06:05 #10
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    The Microsoft Office Professional Edition 2003 on your computer is a non-genuine copy. It was installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, that is more installations of XP using that key than authorized.
    A VL Product Key is non-transferable to individuals.

    Please read the fourth post of the Forum Rules .
    Note:
    We do not support the use of illegal Pirated/Warez/Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.
    If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
    If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
    If there are more such new findings after this, the topic will also be closed.

    You may return to the seller to demand for a replacement with a genuine copy or get a full refund. Have a read here to see if you qualify for Genuince Office Offer. As an alternative, you can also try OpenOffice.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules