Search Engine Redirect - Malware infection

Yes, I just attempted to visit the Safer Networking site through Google and was redirected to a fake spyware website.
 
Does the issue still happen with Firefox only? Please post fresh OTL.txt log.
 
Here is my OTL log. I didn't get an Extras.txt file this time, not sure why.

OTL logfile created on: 8/2/2010 5:13:48 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tim\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 60.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 267.76 Gb Free Space | 39.15% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.30 Gb Free Space | 43.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIM-PC
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Users\Tim\AppData\Local\Autobahn\autobahn.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )


========== Modules (SafeList) ==========

MOD - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\DRIVERS\psi_mf.sys (Secunia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WMP300Nv1) -- C:\Windows\SysNative\DRIVERS\WMP300Nv1.sys (Broadcom Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {BC7E2201-1054-4398-BAAF-666D71425BE3}:1.9.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 09:13:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/20 17:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/02 13:36:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/02 13:36:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/07/29 12:02:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/08/02 13:37:06 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2010/07/23 17:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/02 14:47:23 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\axxk4a2m.default\extensions
[2010/08/02 14:47:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\axxk4a2m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/02 13:36:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/22 19:52:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/22 19:52:17 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/21 11:16:00 | 000,324,264 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11101 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Tim\AppData\Local\Autobahn\autobahn.exe ()
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/30 15:53:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2010/07/29 13:13:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\vlc
[2010/07/29 12:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/29 12:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/29 12:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/29 12:20:52 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/07/29 12:10:44 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/07/29 12:05:10 | 096,962,344 | ---- | C] (Apple Inc.) -- C:\Users\Tim\Documents\iTunesSetup.exe
[2010/07/29 11:59:29 | 010,835,784 | ---- | C] (Opera Software ASA) -- C:\Users\Tim\Documents\Opera_1060_en_Setup.exe
[2010/07/29 11:59:04 | 033,850,672 | ---- | C] (Apple Inc.) -- C:\Users\Tim\Documents\QuickTimeInstaller.exe
[2010/07/29 11:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2010/07/29 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/29 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/29 11:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2010/07/29 11:22:40 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2010/07/29 11:22:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2010/07/29 11:22:38 | 000,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\difxapi.dll
[2010/07/29 11:22:38 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\difxapi.dll
[2010/07/29 11:21:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/07/29 11:21:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/07/29 11:18:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2010/07/29 11:18:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2010/07/29 11:18:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2010/07/29 11:18:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2010/07/29 11:18:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2010/07/29 11:18:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2010/07/29 11:18:11 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2010/07/29 11:18:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2010/07/29 11:18:11 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2010/07/29 11:18:11 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2010/07/29 11:18:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2010/07/29 11:18:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2010/07/29 11:18:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2010/07/29 11:18:08 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2010/07/29 11:18:08 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2010/07/29 11:18:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2010/07/29 11:18:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2010/07/29 11:18:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2010/07/29 11:18:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2010/07/29 11:18:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2010/07/29 11:18:08 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2010/07/29 11:18:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2010/07/29 11:18:03 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2010/07/29 11:18:03 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2010/07/29 11:18:03 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2010/07/29 11:18:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2010/07/29 11:18:03 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2010/07/29 11:18:03 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2010/07/29 11:18:03 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2010/07/29 11:18:03 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2010/07/29 11:18:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2010/07/29 11:18:02 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2010/07/28 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/07/28 09:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/28 09:39:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/28 09:28:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\GooredFix Backups
[2010/07/28 09:27:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tim\Desktop\GooredFix.exe
[2010/07/23 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Thunderbird
[2010/07/23 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Thunderbird
[2010/07/23 17:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/07/23 10:03:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/23 10:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/23 09:36:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\TweakNow RegCleaner
[2010/07/23 09:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow RegCleaner
[2010/07/23 00:55:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/22 19:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/22 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/22 19:52:32 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/22 19:52:32 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/22 19:52:32 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/22 19:52:32 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/22 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG9
[2010/07/22 16:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/21 09:12:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/07/20 17:44:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/20 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\AVG Security Toolbar
[2010/07/20 17:13:23 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/20 17:13:21 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/20 17:13:12 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/20 17:12:41 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/20 17:12:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/07/20 17:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/07/20 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/07/20 17:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/20 15:48:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}
[2010/07/20 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB
[2010/07/07 10:05:32 | 000,017,464 | ---- | C] (Secunia) -- C:\Windows\SysNative\drivers\psi_mf.sys

========== Files - Modified Within 30 Days ==========

[2010/08/02 17:13:51 | 005,767,168 | -HS- | M] () -- C:\Users\Tim\NTUSER.DAT
[2010/08/02 16:58:45 | 000,000,000 | ---- | M] () -- C:\Users\Tim\AppData\Local\prvlcl.dat
[2010/08/02 16:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138809590-1774997512-119863854-1000UA.job
[2010/08/02 16:19:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 15:20:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/02 15:20:03 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/02 13:36:11 | 000,001,804 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 13:36:11 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/02 11:37:04 | 000,020,821 | ---- | M] () -- C:\Users\Tim\Desktop\bookmarks-2010-08-02a
[2010/08/02 11:35:00 | 000,037,915 | ---- | M] () -- C:\Users\Tim\Desktop\bookmarks-2010-08-02b
[2010/08/02 11:28:57 | 000,020,821 | ---- | M] () -- C:\Users\Tim\bookmarks-2010-08-02.json
[2010/08/02 09:55:48 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{128CA760-46B9-4466-9CE7-C6D9C5D3E40D}.job
[2010/08/02 09:52:19 | 062,865,213 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/08/02 01:20:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/01 20:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138809590-1774997512-119863854-1000Core.job
[2010/07/31 11:26:10 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/31 11:26:10 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/31 11:26:10 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/31 11:20:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/31 11:20:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/31 11:19:52 | 2136,133,631 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 11:18:58 | 000,524,288 | -HS- | M] () -- C:\Users\Tim\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/07/31 11:18:58 | 000,065,536 | -HS- | M] () -- C:\Users\Tim\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/07/31 11:18:57 | 001,930,126 | -H-- | M] () -- C:\Users\Tim\AppData\Local\IconCache.db
[2010/07/30 15:53:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2010/07/29 13:45:35 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/07/29 13:22:18 | 000,209,920 | ---- | M] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/29 13:13:16 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/29 13:12:23 | 019,473,201 | ---- | M] () -- C:\Users\Tim\Documents\vlc-1.1.1-win32.exe
[2010/07/29 12:23:29 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/29 12:09:17 | 140,467,400 | ---- | M] () -- C:\Users\Tim\Documents\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/07/29 12:06:48 | 096,962,344 | ---- | M] (Apple Inc.) -- C:\Users\Tim\Documents\iTunesSetup.exe
[2010/07/29 12:06:34 | 019,495,102 | ---- | M] () -- C:\Users\Tim\Documents\vlc-1.1.0-win32.exe
[2010/07/29 12:03:56 | 000,000,770 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/29 12:03:56 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/07/29 11:59:41 | 010,835,784 | ---- | M] (Opera Software ASA) -- C:\Users\Tim\Documents\Opera_1060_en_Setup.exe
[2010/07/29 11:59:25 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Tim\Documents\QuickTimeInstaller.exe
[2010/07/29 11:13:17 | 000,070,560 | ---- | M] () -- C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/29 11:12:35 | 000,298,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/28 12:34:32 | 000,002,034 | ---- | M] () -- C:\Users\Tim\Desktop\Google Chrome.lnk
[2010/07/28 12:34:32 | 000,001,996 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/28 09:45:49 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/28 09:27:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tim\Desktop\GooredFix.exe
[2010/07/23 17:05:25 | 000,001,870 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/23 17:05:25 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/07/22 19:52:17 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/22 19:52:17 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010/07/22 19:52:17 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010/07/22 19:52:17 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010/07/22 16:06:10 | 000,001,930 | ---- | M] () -- C:\Users\Tim\Desktop\HijackThis.lnk
[2010/07/21 19:43:26 | 000,065,061 | ---- | M] () -- C:\Users\Tim\Desktop\Tim Frank Resume 2010.pdf
[2010/07/20 17:13:24 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/20 17:13:24 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/20 17:13:22 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/20 17:13:15 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/20 17:12:42 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/20 17:12:41 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/07 10:05:32 | 000,017,464 | ---- | M] (Secunia) -- C:\Windows\SysNative\drivers\psi_mf.sys

========== Files Created - No Company Name ==========

[2010/08/02 13:36:11 | 000,001,804 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/02 13:36:11 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/02 11:37:03 | 000,020,821 | ---- | C] () -- C:\Users\Tim\Desktop\bookmarks-2010-08-02a
[2010/08/02 11:35:00 | 000,037,915 | ---- | C] () -- C:\Users\Tim\Desktop\bookmarks-2010-08-02b
[2010/08/02 11:28:57 | 000,020,821 | ---- | C] () -- C:\Users\Tim\bookmarks-2010-08-02.json
[2010/07/29 13:45:35 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2010/07/29 13:13:16 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/29 13:12:05 | 019,473,201 | ---- | C] () -- C:\Users\Tim\Documents\vlc-1.1.1-win32.exe
[2010/07/29 12:38:24 | 000,393,108 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistMSI5908.txt
[2010/07/29 12:38:23 | 000,010,600 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistUI5908.txt
[2010/07/29 12:38:20 | 000,357,706 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistMSI58FE.txt
[2010/07/29 12:38:20 | 000,012,718 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistUI58FE.txt
[2010/07/29 12:25:36 | 000,377,182 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistMSI4F3F.txt
[2010/07/29 12:25:36 | 000,010,720 | ---- | C] () -- C:\Users\Tim\AppData\Local\dd_vcredistUI4F3F.txt
[2010/07/29 12:23:29 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/29 12:05:39 | 019,495,102 | ---- | C] () -- C:\Users\Tim\Documents\vlc-1.1.0-win32.exe
[2010/07/29 12:05:24 | 140,467,400 | ---- | C] () -- C:\Users\Tim\Documents\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/07/29 11:18:04 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2010/07/29 11:18:04 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2010/07/29 11:18:04 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2010/07/29 11:18:04 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2010/07/29 11:18:04 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2010/07/29 11:18:04 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2010/07/28 09:45:49 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/23 17:09:01 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Local\prvlcl.dat
[2010/07/23 17:05:25 | 000,001,870 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/23 17:05:25 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/07/22 16:06:10 | 000,001,930 | ---- | C] () -- C:\Users\Tim\Desktop\HijackThis.lnk
[2010/07/20 17:13:24 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/07/20 17:12:41 | 062,865,213 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/20 17:12:41 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/20 17:02:10 | 2136,133,631 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 12:50:54 | 000,065,061 | ---- | C] () -- C:\Users\Tim\Desktop\Tim Frank Resume 2010.pdf
[2010/04/05 16:34:28 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/12/03 07:56:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 07:55:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/07 18:56:50 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/07 18:56:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/14 07:02:41 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2009/05/14 07:02:41 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2009/05/14 07:02:41 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/08/02 05:32:02 | 000,000,786 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/06/24 19:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/05/14 07:02:49 | 000,003,812 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/07/31 11:19:52 | 2136,133,631 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/07/19 10:14:03 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/07/31 11:19:51 | 2449,752,063 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/04/23 21:07:07 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2008/12/04 23:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2008/01/20 22:49:58 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\taskschd.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Hi,

Could you please let me know if it's just Firefox affected?
 
It's looking like it is Firefox specific. I've attempted similar Google/Bing searches on IE, Opera, and Chrome and have not been able to recreate the redirect.
 
Hi,

Let's try something.

Open Notepad and then copy and paste the bolded lines below into it. Go to File > Save As and name the file fixes.bat, change the "Save as type" to "All Files" and save it to your desktop.
@ECHO OFF
for %%g in (
C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}
C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB
) do DIR /a/s %%g >>"%userprofile%\desktop\queryLog.txt"
DEL %0

Right-click the fixes.bat file and select "Run as administrator" to execute it. A queryLog.txt file should appear on your desktop. Attach it to your post, please.
 
Hi, here is the querylog:

Volume in drive C is OS
Volume Serial Number is C4D6-118C

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM <DIR> chrome
07/20/2010 03:48 PM 122 chrome.manifest
07/20/2010 03:48 PM 764 install.rdf
2 File(s) 886 bytes

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}\chrome

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}\chrome\content

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM 5,954 overlay.xul
07/20/2010 03:48 PM 2,082 _cfg.js
2 File(s) 8,036 bytes

Total Files Listed:
4 File(s) 8,922 bytes
8 Dir(s) 263,024,156,672 bytes free
Volume in drive C is OS
Volume Serial Number is C4D6-118C

Directory of C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB

07/20/2010 03:46 PM <DIR> .
07/20/2010 03:46 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 263,024,156,672 bytes free
Volume in drive C is OS
Volume Serial Number is C4D6-118C

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM <DIR> chrome
07/20/2010 03:48 PM 122 chrome.manifest
07/20/2010 03:48 PM 764 install.rdf
2 File(s) 886 bytes

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}\chrome

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM <DIR> content
0 File(s) 0 bytes

Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}\chrome\content

07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> ..
07/20/2010 03:48 PM 5,954 overlay.xul
07/20/2010 03:48 PM 2,082 _cfg.js
2 File(s) 8,036 bytes

Total Files Listed:
4 File(s) 8,922 bytes
8 Dir(s) 263,023,841,280 bytes free
Volume in drive C is OS
Volume Serial Number is C4D6-118C

Directory of C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB

07/20/2010 03:46 PM <DIR> .
07/20/2010 03:46 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 263,023,841,280 bytes free
 
Please delete these folders and see if redirecting still occurs:
C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}
C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB
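
The first folder in the queryLog.txt listing has the layout of a legacy Firefox extension (install.rdf and chrome.manifest at its root, an overlay under chrome\content) yet sits in AppData\Local rather than in the Firefox profile. The following is an added example, not part of the thread or of OTL: it parses `DIR /a/s` output and reports such folders. The function names and the `EXPECTED_ROOTS` list are assumptions made for this sketch.

```python
import re

# Excerpt of the queryLog.txt listing posted above, whitespace as on the page.
SAMPLE_LISTING = r"""
Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}
07/20/2010 03:48 PM <DIR> .
07/20/2010 03:48 PM <DIR> chrome
07/20/2010 03:48 PM 122 chrome.manifest
07/20/2010 03:48 PM 764 install.rdf
Directory of C:\Users\Tim\AppData\Local\{BC7E2201-1054-4398-BAAF-666D71425BE3}\chrome\content
07/20/2010 03:48 PM 5,954 overlay.xul
07/20/2010 03:48 PM 2,082 _cfg.js
2 File(s) 8,036 bytes
Directory of C:\Users\Tim\AppData\Roaming\B5B7EF603478AF615E4CAE4F55ECBBBB
07/20/2010 03:46 PM <DIR> .
07/20/2010 03:46 PM <DIR> ..
0 File(s) 0 bytes
"""

DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY = re.compile(r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
# Files that mark the root of a legacy (XUL) Firefox extension.
EXTENSION_MARKERS = {"install.rdf", "chrome.manifest"}
# Assumption: extensions are expected only under these locations.
EXPECTED_ROOTS = (r"\mozilla\firefox\profiles", r"\mozilla firefox")


def parse_dir_listing(text):
    """Parse `DIR /a/s` output into {directory: {"files": {name: size}, "dirs": set}}."""
    tree, current = {}, None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            # setdefault merges repeated listings of the same directory
            current = tree.setdefault(header.group(1), {"files": {}, "dirs": set()})
            continue
        entry = ENTRY.match(line)
        if entry is None or current is None:
            continue
        size, name = entry.groups()
        if size != "<DIR>":
            current["files"][name] = int(size.replace(",", ""))
        elif name not in (".", ".."):
            current["dirs"].add(name)
    return tree


def find_stray_extensions(tree):
    """Report directories laid out like an extension outside the expected roots."""
    findings = []
    for directory, content in tree.items():
        if not EXTENSION_MARKERS <= {n.lower() for n in content["files"]}:
            continue
        if any(root in directory.lower() for root in EXPECTED_ROOTS):
            continue
        prefix = directory.lower() + "\\"
        files = []
        for other, sub in tree.items():
            if other.lower() == directory.lower() or other.lower().startswith(prefix):
                rel = other[len(directory):].lstrip("\\")
                files += [f"{rel}\\{n}" if rel else n for n in sub["files"]]
        findings.append({"path": directory, "files": sorted(files)})
    return findings


if __name__ == "__main__":
    for finding in find_stray_extensions(parse_dir_listing(SAMPLE_LISTING)):
        print(finding["path"], finding["files"])
```

A hit only means the folder deserves a look at its install.rdf and scripts; it does not by itself show the folder is loaded by Firefox.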
 
Hey,

I deleted, emptied recycle bin, opened FF, attempted to access safer networking from google, redirected to fake anti virus site.
 
Hi,

Uninstall Firefox again and then do the following:

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\Users\Tim\AppData\Roaming\Mozilla\Firefox
    C:\Program Files (x86)\Mozilla Firefox
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post OTL resultant log

Reinstall Firefox and see if the same problem exists. If it does, post a fresh OTL.txt log.
 
I've reinstalled FF, and so far have not seen the redirect. Since the redirect tends to execute infrequently, I'll continue to check and will report back if it resurfaces in the next day or two. In the meantime, any more steps I need to take to protect myself?

Also, I found this odd, when my system rebooted after running OTL, my background is now solid black. Not a big deal, but thought it was worth mentioning.

Here is the OTL resultant log:

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 08052010_103709

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi,

I've reinstalled FF, and so far have not seen the redirect. Since the redirect tends to execute infrequently, I'll continue to check and will report back if it resurfaces in the next day or two.
I'll wait for the next status report on the redirecting issue in a few days then :)

In the meantime, any more steps I need to take to protect myself?
Nope. Those I listed earlier are still the necessary ones.

Also, I found this odd, when my system rebooted after running OTL, my background is now solid black. Not a big deal, but thought it was worth mentioning.
Could you try to change the background manually?
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 