Google redirect help

This may be the culprit

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::


Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
Been looking over this thread, let's try this

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
Sorry for not being able to post. Here is the Combo Fix log from today. I will wait to hear from you before I run OTL.
Thanks, Greg

ComboFix 11-09-21.03 - Greg 09/21/2011 13:50:04.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2232 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\COMBO-FIX.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse
c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
.
.
2011-09-21 18:22 . 2011-09-21 18:24 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-09-14 23:27 . 2011-09-14 23:27 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2011-09-14 23:26 . 2011-09-14 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26 . 2011-09-14 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 20:39 . 2011-09-13 20:40 -------- d-----w- c:\program files\iPod
2011-09-13 20:39 . 2011-09-13 20:41 -------- d-----w- c:\program files\iTunes
2011-09-12 23:46 . 2011-09-12 23:46 -------- d-----w- c:\program files\ESET
2011-09-10 01:07 . 2011-09-10 01:07 -------- d--h--w- c:\windows\PIF
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-31 19:56 . 2011-08-31 21:18 -------- d-----w- C:\COMBO-FIX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 18:48 . 2008-04-04 00:06 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-24 14:10 . 2004-08-10 18:01 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-09-10 14:44 . 2011-05-08 01:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_21.01.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-14 16:59 . 2011-09-14 16:59 22016 c:\windows\Installer\2b0ec8.msi
- 2008-03-13 23:43 . 2011-06-17 01:20 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-06 01:07 . 2011-08-27 20:32 5852 c:\windows\system32\KGyGaAvL.sys
+ 2008-04-06 01:07 . 2011-09-06 17:21 5852 c:\windows\system32\KGyGaAvL.sys
- 2008-03-13 23:43 . 2011-06-17 01:20 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-13 23:43 . 2011-06-17 01:20 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-13 20:42 . 2011-09-13 20:42 380928 c:\windows\Installer\{69995C7A-062A-4A90-A4DF-8C22895DF522}\iTunesIco.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-09-10 00:59 . 2011-09-10 00:59 278528 c:\windows\ERDNT\AutoBackup\9-9-2011\Users\00000002\UsrClass.dat
+ 2011-09-10 00:59 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-9-2011\ERDNT.EXE
+ 2011-09-06 15:21 . 2011-09-06 15:21 278528 c:\windows\ERDNT\AutoBackup\9-6-2011\Users\00000002\UsrClass.dat
+ 2011-09-06 15:21 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2011\ERDNT.EXE
+ 2011-09-05 16:57 . 2011-09-05 16:57 278528 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000002\UsrClass.dat
+ 2011-09-05 16:57 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-5-2011\ERDNT.EXE
+ 2011-09-04 23:28 . 2011-09-04 23:28 278528 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000002\UsrClass.dat
+ 2011-09-04 23:28 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-4-2011\ERDNT.EXE
+ 2011-09-21 17:19 . 2011-09-21 17:19 278528 c:\windows\ERDNT\AutoBackup\9-21-2011\Users\00000002\UsrClass.dat
+ 2011-09-21 17:20 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-21-2011\ERDNT.EXE
+ 2011-09-17 16:54 . 2011-09-17 16:54 278528 c:\windows\ERDNT\AutoBackup\9-17-2011\Users\00000002\UsrClass.dat
+ 2011-09-17 16:54 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-17-2011\ERDNT.EXE
+ 2011-09-17 00:00 . 2011-09-17 00:00 278528 c:\windows\ERDNT\AutoBackup\9-16-2011\Users\00000002\UsrClass.dat
+ 2011-09-17 00:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-16-2011\ERDNT.EXE
+ 2011-09-14 16:13 . 2011-09-14 16:13 278528 c:\windows\ERDNT\AutoBackup\9-14-2011\Users\00000002\UsrClass.dat
+ 2011-09-14 16:13 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-14-2011\ERDNT.EXE
+ 2011-09-13 12:22 . 2011-09-13 12:22 278528 c:\windows\ERDNT\AutoBackup\9-13-2011\Users\00000002\UsrClass.dat
+ 2011-09-13 12:22 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-13-2011\ERDNT.EXE
+ 2011-09-12 18:45 . 2011-09-12 18:45 278528 c:\windows\ERDNT\AutoBackup\9-12-2011\Users\00000002\UsrClass.dat
+ 2011-09-12 18:45 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-12-2011\ERDNT.EXE
+ 2011-09-10 14:41 . 2011-09-10 14:41 278528 c:\windows\ERDNT\AutoBackup\9-10-2011\Users\00000002\UsrClass.dat
+ 2011-09-10 14:41 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-10-2011\ERDNT.EXE
+ 2011-09-13 20:42 . 2011-09-13 20:42 5467136 c:\windows\Installer\5b9be.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\26740d.msp
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\2673fc.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\2673eb.msp
+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\2673db.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\2673d0.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\2673bf.msp
- 2008-03-13 23:43 . 2011-06-17 01:20 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-13 23:43 . 2011-09-15 01:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-09-10 00:59 . 2011-09-10 00:59 3141632 c:\windows\ERDNT\AutoBackup\9-9-2011\Users\00000001\ntuser.dat
+ 2011-09-06 15:21 . 2011-09-06 15:21 3141632 c:\windows\ERDNT\AutoBackup\9-6-2011\Users\00000001\ntuser.dat
+ 2011-09-05 16:56 . 2011-09-05 16:57 3133440 c:\windows\ERDNT\AutoBackup\9-5-2011\Users\00000001\ntuser.dat
+ 2011-09-04 23:28 . 2011-09-04 23:28 3133440 c:\windows\ERDNT\AutoBackup\9-4-2011\Users\00000001\ntuser.dat
+ 2011-09-21 17:19 . 2011-09-21 17:19 3153920 c:\windows\ERDNT\AutoBackup\9-21-2011\Users\00000001\ntuser.dat
+ 2011-09-17 16:54 . 2011-09-17 16:54 3153920 c:\windows\ERDNT\AutoBackup\9-17-2011\Users\00000001\ntuser.dat
+ 2011-09-17 00:00 . 2011-09-17 00:00 3153920 c:\windows\ERDNT\AutoBackup\9-16-2011\Users\00000001\ntuser.dat
+ 2011-09-14 16:13 . 2011-09-14 16:13 3141632 c:\windows\ERDNT\AutoBackup\9-14-2011\Users\00000001\ntuser.dat
+ 2011-09-13 12:22 . 2011-09-13 12:22 3141632 c:\windows\ERDNT\AutoBackup\9-13-2011\Users\00000001\ntuser.dat
+ 2011-09-12 18:45 . 2011-09-12 18:45 3141632 c:\windows\ERDNT\AutoBackup\9-12-2011\Users\00000001\ntuser.dat
+ 2011-09-10 14:41 . 2011-09-10 14:41 3141632 c:\windows\ERDNT\AutoBackup\9-10-2011\Users\00000001\ntuser.dat
+ 2009-03-20 00:59 . 2011-09-15 00:58 46249416 c:\windows\system32\MRT.exe
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 19:40]
.
2011-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://free.avg.com/ww.homepage-tlbrf
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - WWW.GOOGLE.COM
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-21 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys\WUSB54GSC\WLService.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-09-21 14:39:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-21 18:38
ComboFix2.txt 2011-09-06 01:49
ComboFix3.txt 2011-09-05 02:41
ComboFix4.txt 2011-08-31 23:48
ComboFix5.txt 2011-09-21 17:40
.
Pre-Run: 473,422,430,208 bytes free
Post-Run: 473,529,610,240 bytes free
.
- - End Of File - - 8A269A71A6280886C60F07BDB0B83781
 
Ken, the only way to fit this file was to zip it, hope it helps. Greg

OTL logfile created on: 9/21/2011 4:43:50 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 84.16% Memory free
4.84 Gb Paging File | 4.10 Gb Available in Paging File | 84.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.04 Gb Free Space | 95.38% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxprpr.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdrui.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdr.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxhpec.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxflib.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/14 16:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/21 14:22:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3403932015-1817560134-3592977785-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2011/08/27 19:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 16:41:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/21 16:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/21 14:22:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/21 14:21:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/21 14:21:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/21 14:21:00 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/21 13:15:14 | 086,494,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/21 13:11:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/17 19:01:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 20:03:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/27 20:03:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2010/12/09 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1038A
[2010/10/26 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/23 21:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 16:12:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/19 20:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iNp06504gIpPp06504
[2008/03/13 19:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/23 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2008/03/13 19:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/01/03 18:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/19 20:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\AVG9
[2011/08/27 21:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Greg\Application Data\imeshmediabartb
[2011/04/03 16:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\AVG9
[2011/08/30 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\imeshmediabartb
[2011/03/02 17:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\PCDr
[2009/07/05 13:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kiddies\Application Data\VirtualStore

========== Purity Check ==========



< End of report >
 
Hi

After I posted last I was called away. I have very little internet access where I am; I am on my phone and can't open the attachment. I hopefully will be back later today.
 
Hi,

Let's do this

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
    FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <-- Not Run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



Let me know how things are running after the fix
 
Hello Ken,

Here is the latest OTL scan file after running fix. Thank you.

OTL logfile created on: 9/23/2011 10:59:14 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.72% Memory free
4.84 Gb Paging File | 4.07 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.33 Gb Free Space | 95.44% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/14 16:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/23 22:53:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 22:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2011/08/27 19:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Greg\Start Menu\Programs\Administrative Tools
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/09/23 23:01:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/23 22:55:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 22:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 22:55:25 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 22:53:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/23 18:13:17 | 086,583,278 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/22 16:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/22 15:27:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/17 19:01:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 20:03:08 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/27 20:03:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/27 20:02:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\NTREGOPT.lnk
[2011/08/27 20:02:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\ERUNT.lnk
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== Custom Scans ==========


< :processes >

< killallprocesses >

< >

< :OTL >

< PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) >

< FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search" >

< >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :

< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< >

< >

< >

< >

< >

< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [start explorer] >

< [Reboot] >

< End of report >
 
Hi,

I can't see in the log from the fix whether the hosts file was replaced. We need to remove one more entry, so let's try it again.



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\iMesh Applications
    
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

1. Post the log from the fix
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped
 
Hi Ken,

Below is the latest OTL scan. Thank you. Greg




User: Greg
->Temp folder emptied: 685496 bytes
->Temporary Internet Files folder emptied: 4193493 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13155027 bytes
->Flash cache emptied: 456 bytes

User: Kiddies
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14415 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09242011_124516

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Greg\Local Settings\Temp\config.dat scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Greg\Local Settings\Temp\Perflib_Perfdata_a50.dat not found!
File\Folder C:\Documents and Settings\Greg\Local Settings\Temp\Perflib_Perfdata_e60.dat not found!
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\adholder[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\CARMN2RK.htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\XG6WNTGG\login_status[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\emily[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\meviomusicvideos.mevio[1] moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\OHY3CLYB\rubicon_sync[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\base.ie6[1].css moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\data_sync[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\fw-nonplayer-banner[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\fw-nonplayer-banner[2].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\pixel[1].ROZOv84PFESr_s8Ey0Rlari_wHedhsl&redirectURL=;ord=077dca2c-7e30-46c7-9608-9fdd57484bb1 moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\KLYBS9IJ\xd_receiver[1].php moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\ads.ie6[1].css moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\bristol-palin-gets-in-to-an-argument[1] moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\CACX6F8H moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\CAG9IJWX.htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\CPIFOTMF\fw-nonplayer-banner[1].php moved successfully.

Registry entries deleted on Reboot...
 
1. Post the log from the fix
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped
 
Greg,

Have not heard from you. You have to understand that I am not sitting in front of your computer to see what's going on; you're my eyes and ears. If I don't get the logs and comments from you that I ask for, then I can't help you. You need to read what I post.

This was from Post #70 after the last fix

1. Post the log from the fix <--You posted this

I still need these
2. Run a new OTL scan and post a new log
3. Let me know if the redirects have stopped
 
Ken,
I apologize for my absence. The computer is still redirecting on searches; to get around that I cut and paste addresses and go directly to sites.

OTL logfile created on: 9/27/2011 2:23:17 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.24% Memory free
4.84 Gb Paging File | 3.75 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 441.14 Gb Free Space | 95.40% Space Free | Partition Type: NTFS

Computer Name: D9BJXTF1 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Greg\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e144f4b7\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_47d53a12\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ad779118\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d9d19370\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5bac3bd0\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll ()
MOD - C:\Program Files\Dell PC Fax\dlctrstr.dll ()
MOD - C:\WINDOWS\system32\DLPRMON.DLL ()
MOD - C:\Program Files\Dell PC Fax\ipcmt.dll ()
MOD - C:\WINDOWS\system32\dlcxcaps.dll ()
MOD - C:\WINDOWS\system32\dlcxcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\WINDOWS\system32\dlcxdrs.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll ()
MOD - C:\WINDOWS\system32\dlcxcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\Security.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys\WUSB54GSC\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dlcx_device) -- C:\WINDOWS\System32\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (atidgllk) -- C:\dell\drivers\R169419\atidgllk.sys (ATI Technologies Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://free.avg.com/ww.homepage-tlbrf
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: " WWW.GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae25787&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 14:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/13 12:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/10 10:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 13:22:42 | 000,000,000 | ---D | M]

[2008/12/15 12:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions
[2011/01/28 11:40:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/16 18:49:57 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/08/20 15:18:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\8zvej24t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/24 12:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 12:43:11 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/09/10 10:44:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/07 21:03:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/12 04:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2011/09/24 12:45:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477A5AC8-5CBC-4C60-BA9C-A2AF7719E1D3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 22:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/21 15:10:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/21 14:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Local Settings\Application Data\ApplicationHistory
[2011/09/21 14:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/21 13:38:27 | 000,000,000 | ---D | C] -- C:\COMBO-FIX4520C
[2011/09/21 13:35:22 | 000,000,000 | ---D | C] -- C:\COMBO-FIX17960C
[2011/09/14 19:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/14 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/13 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\New Folder
[2011/09/12 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\GooredFix Backups
[2011/09/12 14:48:05 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/09/06 11:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Desktop\tdsskiller
[2011/09/05 20:54:16 | 000,000,000 | ---D | C] -- C:\COMBO-FIX30049C
[2011/09/05 20:47:55 | 000,000,000 | ---D | C] -- C:\COMBO-FIX12903C
[2011/09/04 20:57:59 | 000,000,000 | ---D | C] -- C:\COMBO-FIX24678C
[2011/09/04 20:54:45 | 000,000,000 | ---D | C] -- C:\COMBO-FIX18701C
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 18:57:18 | 000,000,000 | ---D | C] -- C:\COMBO-FIX13920C
[2011/08/31 16:13:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 15:57:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 15:57:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 15:57:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 15:57:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 15:56:06 | 000,000,000 | ---D | C] -- C:\COMBO-FIX
[2011/08/31 15:40:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 15:31:02 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/08/31 11:39:01 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Greg\Desktop\RootRepeal.exe
[2011/08/30 23:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\My Documents\My Received Files
[2008/04/02 15:56:23 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/04/02 15:55:31 | 000,385,928 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxih.exe
[2008/04/02 15:55:30 | 000,537,480 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
[2008/04/02 15:55:29 | 000,381,832 | R--- | C] ( ) -- C:\WINDOWS\System32\dlcxcfg.exe
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/09/27 14:21:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/27 14:04:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 14:04:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 13:04:04 | 086,688,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/27 12:59:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 12:59:48 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 16:32:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2011/09/24 12:45:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/22 15:27:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 13:36:22 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Greg\Desktop\COMBO-FIX.exe
[2011/09/14 20:58:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:26:44 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 14:29:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:07:46 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/14 13:59:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/13 16:41:22 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/12 20:36:36 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Microsoft Office Word 2007.lnk
[2011/09/12 14:48:56 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/09/12 14:48:05 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Greg\Desktop\GooredFix.exe
[2011/09/09 21:07:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 14:41:34 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/06 13:21:58 | 000,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/09/06 13:21:57 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\5018098FE8.sys
[2011/09/06 13:21:13 | 000,019,574 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:10 | 000,008,761 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:59 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 16:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/31 11:38:18 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:40 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/08/30 14:17:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 19:26:44 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/14 15:53:35 | 000,089,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/14 14:29:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\settings.dat
[2011/09/14 14:28:33 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to gmer(1).lnk
[2011/09/14 14:00:19 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to aswMBR.lnk
[2011/09/13 16:41:22 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/09/09 23:32:55 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/09 21:07:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to exeHelper.pif
[2011/09/06 13:21:13 | 000,019,574 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\images.bmp
[2011/09/06 13:15:41 | 000,008,761 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\talons.jpg
[2011/09/06 11:33:57 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\tdsskiller.zip
[2011/08/31 15:57:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 15:57:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 15:57:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 15:57:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 15:57:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/31 11:38:18 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\Shortcut to RootRepeal.lnk
[2011/08/30 22:44:31 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.scr
[2011/08/30 22:29:47 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Greg\Desktop\rkill.exe
[2011/01/22 13:21:17 | 000,028,144 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 21:03:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\prvlcl.dat
[2009/03/08 21:01:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/26 13:19:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/11/26 13:19:18 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/04/05 21:07:20 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5018098FE8.sys
[2008/04/05 21:07:19 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/03 19:16:04 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/02 19:52:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:56:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/04/02 15:56:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/02 15:56:23 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/04/02 15:55:30 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/04/02 15:55:29 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2008/04/02 15:53:08 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:50:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/13 19:20:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/03/13 19:16:37 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/03/13 19:16:37 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/03/13 19:16:36 | 000,156,671 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/03/13 19:16:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/03/13 19:16:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/03/13 19:16:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/13 19:15:02 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:36 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/22 07:42:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/04/24 15:09:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,443,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,072,356 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >

Thank You.
 
Hi,

The log from the fix is not showing that the DNS Cache was emptied and also does not show that the hosts file was replaced. Run this quick fix and post the log from the fix.


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.


Let me know if this new fix stopped the redirects



You also have a file with a date of 2099. Strange; we will check that next.

C:\WINDOWS\System32\tusijozo
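
The anomaly noted in the post above, a creation date later than the scan itself, can be checked across a whole OTL file listing. This is an added example, not part of the original thread and not OTL's own code; the entry layout is inferred from the log lines on this page, the sample lines are copied from that log, and `SCAN_TIME` and the one-day slack are assumptions.

```python
import re
from datetime import datetime, timedelta

# One OTL file-listing entry, as it appears in the log on this page:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed scan date (the thread's logs are from late September 2011).
SCAN_TIME = datetime(2011, 9, 28)


def parse_entry(line):
    """Parse one listing line into a dict; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),  # digits are comma-grouped
        "attrs": m["attrs"],                      # R/H/S/D flags, '-' if unset
        "kind": "created" if m["kind"] == "C" else "modified",
        "company": (m["company"] or "").strip(),  # empty when no version info
        "path": m["path"],
    }


def future_dated(lines, scan_time, slack=timedelta(days=1)):
    """Return entries stamped later than scan_time plus a clock-skew slack."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["time"] > scan_time + slack:
            hits.append(entry)
    return hits


# Lines copied from the OTL log posted in this thread.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tusijozo
[2011/09/14 13:59:14 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Greg\Desktop\aswMBR.exe
[2011/09/27 12:59:48 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
""".strip().splitlines()

if __name__ == "__main__":
    for e in future_dated(SAMPLE, SCAN_TIME):
        print(f'{e["time"]:%Y-%m-%d} {e["kind"]:8} {e["attrs"]} {e["path"]}')
```

A hit only says the timestamp cannot be genuine for that scan; the file still has to be examined before anything is removed.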
 
Hi Ken,

Here's the log from the latest OTL fix you had me run. Just want to thank you for your patience with this fix. Greg

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Greg\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Greg\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Greg
->Temp folder emptied: 652756 bytes
->Temporary Internet Files folder emptied: 58302225 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89179682 bytes
->Flash cache emptied: 4836 bytes

User: Kiddies
->Temp folder emptied: 652757 bytes
->Temporary Internet Files folder emptied: 54126906 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 125948151 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1640 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14621 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 314.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_203459

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Greg\Local Settings\Temp\config.dat scheduled to be moved on reboot.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\8T3032FC\dns_err[1].htm moved successfully.
C:\Documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\8T3032FC\dns_err[2].htm moved successfully.
File\Folder C:\WINDOWS\temp\1a5e6605-75ec-42e0-b866-ea21a260541d.tmp not found!

Registry entries deleted on Reboot...
 
Are both IE and Firefox redirecting, or is it just one of them?

Open IE and go to Tools > Internet Options> Advanced Tab> Reset Internet Explorer Setting> Reset .......this will take a few moments, then close IE and reopen it and let me know if the redirects have stopped with IE
 
Ken, redirects have stopped on IE, but persist on Firefox. In fact, I now have some type of audio cookie where I'm getting pharmaceutical ads, PetSmart and such. For the life of me I cannot find where this is coming from; even if I close the window it still plays........Greg
 