Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Why is my search redirected to random websites?

  1. #11
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Then post the results of the log it produces.
    I needed to see this
    I was referring to the report from the OTL fix


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Jan 2011
    Posts
    13

    Default

    Woops! Here's the log for the OTL from yesterday in the meantime:
    OTL logfile created on: 28/01/2011 10:45:48 PM - Run 3
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dana\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.98 Gb Total Space | 279.14 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
    Drive D: | 8.78 Gb Total Space | 1.00 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
    Drive E: | 3.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive K: | 7.55 Gb Total Space | 6.60 Gb Free Space | 87.37% Space Free | Partition Type: FAT32

    Computer Name: DANA-PC | User Name: Dana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Dana\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe ()
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Dana\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)


    ========== Win32 Services (SafeList) ==========

    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (fssfltr) -- C:\WINDOWS\System32\drivers\fssfltr.sys (Microsoft Corporation)
    DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (Point32) -- C:\WINDOWS\System32\drivers\point32k.sys (Microsoft Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (hcw18bda) -- C:\WINDOWS\System32\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
    DRV - (ElRawDisk) -- C:\WINDOWS\System32\drivers\dddsk.sys (EldoS Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?rls=ig&hl=en&source=iglk"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.3
    FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..keyword.URL: "http://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9PyNom5m&q="

    FF - user.js..browser.search.selectedEngine: "Search"
    FF - user.js..keyword.URL: "http://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9PyNom5m&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 09:15:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 15:19:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 15:19:38 | 000,000,000 | ---D | M]

    [2009/08/03 17:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Extensions
    [2010/11/16 16:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions
    [2009/08/04 18:47:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/28 10:54:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/12/18 22:35:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(71)
    [2010/11/16 16:59:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/02 12:31:32 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    [2010/06/30 09:23:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/06/29 14:51:29 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\extensions\facepad@lazyrussian.com
    [2010/08/13 14:09:11 | 000,002,198 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\searchplugins\google-search.xml
    [2010/10/20 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/24 09:15:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
    [2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2007/08/07 08:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    [2009/04/07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober3233666.gif
    [2009/12/12 10:21:44 | 000,000,202 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober3233666.src

    O1 HOSTS File: ([2011/01/26 12:36:05 | 000,428,884 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 14769 more lines...
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...PUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Dana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/21 18:42:41 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/28 12:12:40 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/27 21:31:00 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    [2011/01/27 15:50:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/27 15:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/01/27 15:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/01/27 15:46:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Dana\Desktop\erunt-setup.exe
    [2011/01/27 00:30:54 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/01/27 00:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/26 14:50:06 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/01/26 14:49:47 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/01/26 14:40:33 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Local\Sunbelt Software
    [2011/01/26 14:38:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/01/26 14:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/01/26 14:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/01/26 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011/01/26 12:48:43 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Users\Dana\Desktop\Ad-Aware90Install.exe
    [2011/01/25 19:48:06 | 000,000,000 | ---D | C] -- C:\Users\Dana\Documents\Love You for Your Face
    [2011/01/23 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Reference Photos and Inspiration
    [2011/01/23 22:35:25 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Santa Pictures
    [2011/01/23 22:33:32 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Christmas Stuff
    [2011/01/23 22:33:30 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Christmas Door Competition
    [2011/01/23 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Christmas 2010
    [2011/01/23 22:31:26 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\.psd Files
    [2011/01/23 22:30:47 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\.ai Files
    [2011/01/23 22:30:27 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\.fla Files
    [2011/01/23 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\.indd Files
    [2011/01/23 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\TDSB
    [2011/01/23 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Adobe Illustrator CS5
    [2011/01/23 14:59:42 | 001,228,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Dana\Desktop\Illustrator_15_LS1.exe
    [2011/01/23 10:52:09 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Adobe Application Manager 1.5
    [2011/01/23 10:49:00 | 030,776,016 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Dana\Desktop\ApplicationManager1.5_all.exe
    [2011/01/22 15:27:22 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\CS5
    [2011/01/22 13:45:45 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\Seungri (Big Bang) - VVIP
    [2011/01/19 16:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JPEG to PDF
    [2011/01/19 16:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\JPEG to PDF
    [2011/01/19 16:22:54 | 000,591,266 | ---- | C] (jpegtopdf.com ) -- C:\Users\Dana\Desktop\jpegtopdf_setup.exe
    [2011/01/17 23:47:01 | 000,000,000 | ---D | C] -- C:\aeaf14c6383169906a187a71917593
    [2011/01/17 23:27:26 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
    [2011/01/17 23:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
    [2011/01/11 15:54:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011/01/11 15:54:22 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    [2011/01/08 19:45:05 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/01/08 19:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/01/08 15:20:39 | 000,000,000 | ---D | C] -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
    [2011/01/08 15:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
    [2011/01/08 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2011/01/04 21:06:36 | 000,000,000 | ---D | C] -- C:\Users\Dana\Desktop\TVXQ - Keep Your Head Down (Full)
    [2011/01/02 17:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    [2011/01/02 17:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
    [2011/01/01 22:01:56 | 000,000,000 | ---D | C] -- C:\Users\Dana\Documents\Adobe
    [2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/29 14:25:44 | 004,262,047 | ---- | M] () -- C:\Users\Dana\Desktop\ComboFix.exe
    [2011/01/29 14:10:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/29 14:10:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/29 13:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255328087-349536182-3825070298-1000UA.job
    [2011/01/29 12:49:39 | 000,114,305 | ---- | M] () -- C:\Users\Dana\Desktop\Fall%202011-Acknowledgment%20Letter.pdf
    [2011/01/29 12:48:34 | 000,149,268 | ---- | M] () -- C:\Users\Dana\Desktop\Fall%202011-Conditional%20Offer%20of%20Admission-Bachelor%20of%20Technology%20-%20Graphic%20Communications%20Management.pdf
    [2011/01/29 12:10:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/29 09:47:21 | 000,133,632 | ---- | M] () -- C:\Users\Dana\Desktop\RKUnhookerLE.EXE
    [2011/01/29 09:43:08 | 070,562,341 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/01/29 09:39:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/01/29 09:35:30 | 000,000,296 | -HS- | M] () -- C:\Windows\tasks\Jqzo.job
    [2011/01/29 09:35:18 | 3085,492,224 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/27 21:31:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dana\Desktop\OTL.exe
    [2011/01/27 20:48:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255328087-349536182-3825070298-1000Core.job
    [2011/01/27 15:50:32 | 000,000,915 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/01/27 15:50:22 | 000,000,716 | ---- | M] () -- C:\Users\Dana\Desktop\ERUNT.lnk
    [2011/01/27 15:47:27 | 000,624,128 | ---- | M] () -- C:\Users\Dana\Desktop\dds.scr
    [2011/01/27 15:46:49 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Dana\Desktop\erunt-setup.exe
    [2011/01/27 09:30:03 | 000,002,521 | ---- | M] () -- C:\Users\Dana\Desktop\HiJackThis.lnk
    [2011/01/27 00:27:52 | 001,402,880 | ---- | M] () -- C:\Users\Dana\Desktop\HiJackThis.msi
    [2011/01/26 14:49:31 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/01/26 14:49:28 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2011/01/26 14:37:55 | 000,001,033 | ---- | M] () -- C:\Users\Dana\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/01/26 14:37:55 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/01/26 12:48:48 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Users\Dana\Desktop\Ad-Aware90Install.exe
    [2011/01/26 12:36:05 | 000,428,884 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/25 17:28:37 | 003,134,265 | ---- | M] () -- C:\Users\Dana\Desktop\Approval.pdf
    [2011/01/24 00:07:31 | 000,606,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/24 00:07:30 | 000,108,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/23 22:32:53 | 000,025,088 | ---- | M] () -- C:\Users\Dana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/23 22:01:16 | 003,852,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/23 18:33:16 | 000,079,360 | RHS- | M] () -- C:\Windows\System32\mmsysd.dll
    [2011/01/23 14:59:54 | 001,228,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Dana\Desktop\Illustrator_15_LS1.exe
    [2011/01/23 10:49:54 | 030,776,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Dana\Desktop\ApplicationManager1.5_all.exe
    [2011/01/22 22:56:40 | 000,086,861 | ---- | M] () -- C:\Users\Dana\Documents\My teachers.docx
    [2011/01/22 13:42:02 | 057,809,982 | ---- | M] () -- C:\Users\Dana\Desktop\Seungri (Big Bang) - VVIP (iHoneydew.com).zip
    [2011/01/21 16:39:19 | 004,419,739 | ---- | M] () -- C:\Users\Dana\Desktop\Jaejoong with make up.psd
    [2011/01/19 16:23:03 | 000,591,266 | ---- | M] (jpegtopdf.com ) -- C:\Users\Dana\Desktop\jpegtopdf_setup.exe
    [2011/01/15 16:30:29 | 017,321,763 | ---- | M] () -- C:\Users\Dana\Desktop\Functions_11.rar
    [2011/01/15 15:39:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/12 17:39:41 | 000,011,901 | ---- | M] () -- C:\Users\Dana\Documents\long long link.docx
    [2011/01/10 16:26:18 | 000,000,144 | ---- | M] () -- C:\Users\Dana\AppData\Roaming\wklnhst.dat
    [2011/01/08 19:45:04 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
    [2011/01/03 20:14:11 | 001,366,019 | ---- | M] () -- C:\Users\Dana\Desktop\KeeleMap.pdf
    [2011/01/02 17:45:27 | 000,001,420 | ---- | M] () -- C:\Users\Dana\.recently-used.xbel
    [2011/01/02 17:29:57 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2011/01/01 19:26:35 | 000,223,760 | ---- | M] () -- C:\Users\Dana\Desktop\Puzzle (13).JPG

    ========== Files Created - No Company Name ==========

    [2011/01/29 14:25:42 | 004,262,047 | ---- | C] () -- C:\Users\Dana\Desktop\ComboFix.exe
    [2011/01/29 12:49:39 | 000,114,305 | ---- | C] () -- C:\Users\Dana\Desktop\Fall%202011-Acknowledgment%20Letter.pdf
    [2011/01/29 12:48:34 | 000,149,268 | ---- | C] () -- C:\Users\Dana\Desktop\Fall%202011-Conditional%20Offer%20of%20Admission-Bachelor%20of%20Technology%20-%20Graphic%20Communications%20Management.pdf
    [2011/01/29 09:47:20 | 000,133,632 | ---- | C] () -- C:\Users\Dana\Desktop\RKUnhookerLE.EXE
    [2011/01/27 16:53:55 | 000,152,064 | ---- | C] () -- C:\Users\Dana\Desktop\Page Layout.ppt
    [2011/01/27 16:53:39 | 003,040,768 | ---- | C] () -- C:\Users\Dana\Desktop\DPI and Resolution.ppt
    [2011/01/27 16:53:39 | 000,829,440 | ---- | C] () -- C:\Users\Dana\Desktop\Elements and Principles of Design.ppt
    [2011/01/27 16:53:39 | 000,415,232 | ---- | C] () -- C:\Users\Dana\Desktop\designbrief.ppt
    [2011/01/27 16:53:11 | 004,781,568 | ---- | C] () -- C:\Users\Dana\Desktop\Writing About Design.ppt
    [2011/01/27 16:53:11 | 000,735,744 | ---- | C] () -- C:\Users\Dana\Desktop\Some inspiration.ppt
    [2011/01/27 15:50:32 | 000,000,915 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/01/27 15:50:22 | 000,000,716 | ---- | C] () -- C:\Users\Dana\Desktop\ERUNT.lnk
    [2011/01/27 15:47:17 | 000,624,128 | ---- | C] () -- C:\Users\Dana\Desktop\dds.scr
    [2011/01/27 00:30:54 | 000,002,521 | ---- | C] () -- C:\Users\Dana\Desktop\HiJackThis.lnk
    [2011/01/27 00:27:50 | 001,402,880 | ---- | C] () -- C:\Users\Dana\Desktop\HiJackThis.msi
    [2011/01/26 23:17:38 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011/01/26 23:07:48 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011/01/26 14:37:55 | 000,001,033 | ---- | C] () -- C:\Users\Dana\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/01/26 14:37:55 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/01/25 17:28:37 | 003,134,265 | ---- | C] () -- C:\Users\Dana\Desktop\Approval.pdf
    [2011/01/23 22:34:31 | 000,025,088 | ---- | C] () -- C:\Users\Dana\Desktop\A father's Poem (use for layout).doc
    [2011/01/23 18:33:41 | 000,000,296 | -HS- | C] () -- C:\Windows\tasks\Jqzo.job
    [2011/01/23 18:33:16 | 000,079,360 | RHS- | C] () -- C:\Windows\System32\mmsysd.dll
    [2011/01/23 17:17:48 | 000,001,433 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
    [2011/01/23 17:14:54 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2011/01/23 17:11:56 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2011/01/23 17:01:30 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2011/01/23 17:00:32 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2011/01/23 16:57:02 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2011/01/22 22:56:38 | 000,086,861 | ---- | C] () -- C:\Users\Dana\Documents\My teachers.docx
    [2011/01/22 13:37:57 | 057,809,982 | ---- | C] () -- C:\Users\Dana\Desktop\Seungri (Big Bang) - VVIP (iHoneydew.com).zip
    [2011/01/21 16:39:16 | 004,419,739 | ---- | C] () -- C:\Users\Dana\Desktop\Jaejoong with make up.psd
    [2011/01/15 16:31:08 | 018,430,474 | ---- | C] () -- C:\Users\Dana\Desktop\Functions_11.pdf
    [2011/01/15 16:27:48 | 017,321,763 | ---- | C] () -- C:\Users\Dana\Desktop\Functions_11.rar
    [2011/01/12 17:39:41 | 000,011,901 | ---- | C] () -- C:\Users\Dana\Documents\long long link.docx
    [2011/01/08 19:45:04 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
    [2011/01/03 20:14:11 | 001,366,019 | ---- | C] () -- C:\Users\Dana\Desktop\KeeleMap.pdf
    [2011/01/02 17:45:27 | 000,001,420 | ---- | C] () -- C:\Users\Dana\.recently-used.xbel
    [2011/01/02 17:29:57 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
    [2011/01/01 19:26:34 | 000,223,760 | ---- | C] () -- C:\Users\Dana\Desktop\Puzzle (13).JPG
    [2010/11/17 17:04:45 | 000,000,144 | ---- | C] () -- C:\Users\Dana\AppData\Roaming\wklnhst.dat
    [2010/08/20 13:26:10 | 000,007,728 | ---- | C] () -- C:\Users\Dana\AppData\Local\d3d9caps.dat
    [2010/07/02 12:31:11 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
    [2010/05/13 20:51:39 | 000,004,096 | -H-- | C] () -- C:\Users\Dana\AppData\Local\keyfile3.drm
    [2010/04/27 17:41:30 | 000,000,016 | ---- | C] () -- C:\Windows\encore_launcher.ini
    [2010/04/27 17:41:08 | 000,000,158 | ---- | C] () -- C:\Windows\compedia.ini
    [2009/09/20 18:31:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tBass.dll
    [2009/09/10 19:15:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/19 21:32:59 | 000,025,088 | ---- | C] () -- C:\Users\Dana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
    [2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2007/06/01 15:15:20 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/06/01 15:03:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
    [2007/06/01 14:51:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
    [2007/06/01 14:51:27 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
    [2007/03/06 03:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2007/01/12 09:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2007/01/12 09:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 292 bytes -> C:\ProgramData\TEMP:9AF3A05F
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:59D05D9A
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:1C5692E6
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:91730504
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:73C25840
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3857ABB7
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B54102AD
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DD842FD5
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:14750D76
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F50F1555

    < End of report >

  3. #13
    Junior Member
    Join Date
    Jan 2011
    Posts
    13

    Default

    And here's my ComboFix log:

    ComboFix 11-01-28.03 - Dana 29/01/2011 15:53:12.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2942.1992 [GMT -5:00]
    Running from: c:\users\Dana\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
    .

    2011-01-29 21:03 . 2011-01-29 21:04 -------- d-----w- c:\users\Dana\AppData\Local\temp
    2011-01-29 21:03 . 2011-01-29 21:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-01-29 21:03 . 2011-01-29 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-29 21:03 . 2011-01-29 21:03 -------- d-----w- c:\users\Cheeselund\AppData\Local\temp
    2011-01-28 17:12 . 2011-01-28 17:12 -------- d-----w- C:\_OTL
    2011-01-27 20:50 . 2011-01-27 20:50 -------- d-----w- c:\program files\ERUNT
    2011-01-27 05:30 . 2011-01-27 05:30 388096 ----a-r- c:\users\Dana\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-27 05:30 . 2011-01-27 05:30 -------- d-----w- c:\program files\Trend Micro
    2011-01-26 19:49 . 2011-01-26 19:49 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-26 19:40 . 2011-01-26 19:40 -------- d-----w- c:\users\Dana\AppData\Local\Sunbelt Software
    2011-01-26 19:38 . 2011-01-29 19:55 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2011-01-26 19:32 . 2011-01-26 19:49 -------- d-----w- c:\programdata\Lavasoft
    2011-01-26 19:32 . 2011-01-26 19:32 -------- d-----w- c:\program files\Lavasoft
    2011-01-23 23:33 . 2011-01-23 23:33 79360 --sha-r- c:\windows\system32\mmsysd.dll
    2011-01-19 21:24 . 2011-01-19 21:24 -------- d-----w- c:\program files\JPEG to PDF
    2011-01-18 04:47 . 2011-01-18 04:47 -------- d-----w- C:\aeaf14c6383169906a187a71917593
    2011-01-18 04:27 . 2011-01-18 04:27 -------- d-----w- c:\program files\Xenocode
    2011-01-11 20:54 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 20:54 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 20:54 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 20:54 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 20:54 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-11 20:54 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 20:54 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-08 20:20 . 2011-01-08 20:20 -------- d-----w- c:\program files\CleanUp!
    2011-01-02 22:28 . 2011-01-02 22:29 -------- d-----w- c:\program files\GIMP-2.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2010-10-22 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-10-22 22:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 13:58 . 2010-12-09 13:58 605960 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 18:56 . 2010-12-16 22:34 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-16 22:34 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-16 22:34 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-16 22:34 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-16 22:34 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-16 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-16 22:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-16 22:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-16 22:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57 . 2010-12-16 22:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01 . 2010-12-16 22:34 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-16 22:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-16 22:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-08 497648]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

    c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
    backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk]
    path=c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
    backup=c:\windows\pss\ViiKiiDesktopPlugin.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-08-03 22:14 133104 ----atw- c:\users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-09-23 05:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
    2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-08-31 20:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-09-28 00:18 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2009-02-12 22312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-03-20 391168]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255328087-349536182-3825070298-1000Core.job
    - c:\users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-03 22:14]

    2011-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-255328087-349536182-3825070298-1000UA.job
    - c:\users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-03 22:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\4cg5rcw3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?rls=ig&hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9PyNom5m&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - user.js: keyword.URL - hxxp://www.samenc.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=9PyNom5m&q=
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-29 16:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-29 16:05:44
    ComboFix-quarantined-files.txt 2011-01-29 21:05
    ComboFix2.txt 2011-01-29 20:15

    Pre-Run: 300,199,849,984 bytes free
    Post-Run: 300,168,880,128 bytes free

    - - End Of File - - 96B5DB6CDDCBDDD7B6CF37493D5B9FA8

  4. #14
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    ViiKiiDesktopPlugin
    <--Not sure what to make of this , is this something you installed and use ?

    uTorrent <--Any form of file sharing is dangerous, your downloading that file from an unknown source and some contain malware, malware writers are using programs like this to infect your computer. I am going to ask you to uninstall it via Programs and Features in the Control Panel.



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push

    http://www.eset.com/onlinescan/
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Junior Member
    Join Date
    Jan 2011
    Posts
    13

    Default

    Hi,

    I've uninstalled utorrent just as you requested. As for the Viikii plugin, it's used to translate videos to English or something like that. It's been a long time since I've last touched it. But now I removed it since I won't be using that.

    By the way, here's the result from the ESET online scan:

    C:\Users\Dana\Desktop\New Folder\HSS-1.49-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application

  6. #16
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    How are things running now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Junior Member
    Join Date
    Jan 2011
    Posts
    13

    Default

    From the scan result that I just gave you, I shredded the file using Spybot's File Shredder.
    Thank you so much for helping me fix the search redirect problem.

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your very welcome,


    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups






    Safe Surfn
    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •