
Google "unusual traffic" message



#1
jogibso1

I am getting this message from Google when searching:

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot.

Have I been hijacked or something?

#2
jogibso1

sorry I forgot, OTL log coming...

#3
jogibso1

OTL logfile created on: 4/19/2011 7:28:00 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Gibsons\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 214.32 Gb Free Space | 72.64% Space Free | Partition Type: NTFS
Drive I: | 232.83 Gb Total Space | 68.21 Gb Free Space | 29.30% Space Free | Partition Type: FAT32

Computer Name: GIBSON | User Name: Gibsons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 19:27:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gibsons\Desktop\OTL.exe
PRC - [2011/04/18 08:09:59 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/18 08:09:58 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/23 20:35:05 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/14 11:37:36 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 10:43:49 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 08:50:52 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/12 09:52:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/12 09:51:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/12 09:51:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/26 09:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/05/26 09:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 19:27:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gibsons\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/26 09:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 08:09:58 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/01 16:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/12 09:51:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 09:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/04/28 20:25:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2010/11/04 10:24:43 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 09:52:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/12 09:52:30 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 09:52:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/26 09:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/07/26 11:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 11:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 11:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/13 10:12:28 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/04/24 12:59:30 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/04/24 12:57:20 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071101
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071101

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {458BAD97-5140-4C13-8B80-3E6EE30A0B18}:1.9.1
FF - prefs.js..extensions.enabledItems: {9116E62C-500C-4BBD-8CA6-5C342EC1DC55}:1.9.1
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{458BAD97-5140-4C13-8B80-3E6EE30A0B18}: C:\Documents and Settings\Gibsons\Local Settings\Application Data\{458BAD97-5140-4C13-8B80-3E6EE30A0B18} [2009/10/17 11:19:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9116E62C-500C-4BBD-8CA6-5C342EC1DC55}: C:\Documents and Settings\Gibsons\Local Settings\Application Data\{9116E62C-500C-4BBD-8CA6-5C342EC1DC55} [2011/04/01 17:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 14:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 14:43:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 11:05:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:35:11 | 000,000,000 | ---D | M]

[2008/09/21 11:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gibsons\Application Data\Mozilla\Extensions
[2011/04/19 13:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gibsons\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\extensions
[2010/11/19 08:30:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Gibsons\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/19 13:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 09:21:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 09:05:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/11/07 19:14:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\GIBSONS\APPLICATION DATA\MOVE NETWORKS
[2009/10/17 11:19:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\GIBSONS\LOCAL SETTINGS\APPLICATION DATA\{458BAD97-5140-4C13-8B80-3E6EE30A0B18}
[2011/04/01 17:37:17 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\GIBSONS\LOCAL SETTINGS\APPLICATION DATA\{9116E62C-500C-4BBD-8CA6-5C342EC1DC55}
[2010/11/24 14:43:25 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/02/07 14:43:10 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/11/18 09:20:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/31 13:03:08 | 000,000,029 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZon1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Gvowoy] File not found
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Fpukurow] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: mvtq = C:\DOCUME~1\Gibsons\LOCALS~1\Temp\ixic.exe
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...1/uploader2.cab (UploadListView Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.onlinegis...AB/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gibsons\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{998ee535-2ed0-11e0-9356-001aa099860a}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{998ee535-2ed0-11e0-9356-001aa099860a}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{d382d230-9cc5-11de-af90-001aa099860a}\Shell - "" = AutoRun
O33 - MountPoints2\{d382d230-9cc5-11de-af90-001aa099860a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d382d230-9cc5-11de-af90-001aa099860a}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\{f81e4caf-f3d8-11df-933b-001aa099860a}\Shell\AutoRun\command - "" = E:\Connect.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/19 19:27:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gibsons\Desktop\OTL.exe
[2011/04/18 13:58:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/14 13:23:25 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gibsons\Desktop\mbam-setup.exe
[2011/04/13 12:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Desktop\vof
[2011/04/04 20:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Desktop\lake effects 3
[2011/04/04 14:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Desktop\board items
[2011/04/01 17:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\{9116E62C-500C-4BBD-8CA6-5C342EC1DC55}
[2011/03/23 13:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Desktop\lake effects
[2011/03/23 10:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gibsons\Desktop\david lynch
[2007/12/05 14:31:23 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll

========== Files - Modified Within 30 Days ==========

[2011/04/19 19:27:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gibsons\Desktop\OTL.exe
[2011/04/19 18:26:06 | 074,853,846 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/19 15:04:29 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Gibsons\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/04/19 13:30:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Gibsons\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2011/04/18 17:37:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/18 17:36:58 | 000,000,442 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/04/18 13:55:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 13:55:58 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 08:10:05 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/15 13:13:29 | 000,415,509 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\new app3.pdf
[2011/04/15 13:07:39 | 000,471,768 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\new app2.pdf
[2011/04/15 13:05:41 | 000,493,563 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\new app1.pdf
[2011/04/15 13:03:50 | 000,249,436 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\enrollment form jcg.pdf
[2011/04/15 12:47:12 | 000,476,622 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\2011 FSA Enrollment Form103.pdf
[2011/04/15 12:44:06 | 000,024,327 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\enrollment application.pdf
[2011/04/14 13:24:14 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/14 13:23:33 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gibsons\Desktop\mbam-setup.exe
[2011/04/14 11:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/13 13:17:17 | 000,026,697 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\dusters t-design.ai
[2011/04/13 11:44:51 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/06 12:03:42 | 011,781,962 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\hat poster.jpg
[2011/04/06 11:54:50 | 755,576,279 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\hat poster.psd
[2011/04/06 07:59:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 11:10:16 | 002,504,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/01 20:05:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozizam.dat
[2011/04/01 17:37:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fkawarusan.bin
[2011/04/01 14:24:42 | 000,129,396 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 19:34:40 | 000,271,180 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\2208 westover closing form.pdf
[2011/03/23 13:26:27 | 026,254,980 | ---- | M] () -- C:\Documents and Settings\Gibsons\Desktop\blackout.psd

========== Files Created - No Company Name ==========

[2011/04/18 17:36:58 | 000,000,442 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/04/15 13:13:27 | 000,415,509 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\new app3.pdf
[2011/04/15 13:07:36 | 000,471,768 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\new app2.pdf
[2011/04/15 13:05:40 | 000,493,563 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\new app1.pdf
[2011/04/15 13:03:42 | 000,249,436 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\enrollment form jcg.pdf
[2011/04/15 12:44:06 | 000,024,327 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\enrollment application.pdf
[2011/04/14 13:24:14 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/13 13:17:17 | 000,026,697 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\dusters t-design.ai
[2011/04/06 12:03:38 | 011,781,962 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\hat poster.jpg
[2011/04/05 21:48:28 | 755,576,279 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\hat poster.psd
[2011/03/29 19:34:01 | 000,271,180 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\2208 westover closing form.pdf
[2011/03/24 12:02:44 | 000,476,622 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\2011 FSA Enrollment Form103.pdf
[2011/03/23 13:26:25 | 026,254,980 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\blackout.psd
[2011/03/22 20:25:58 | 006,155,555 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\DOT merged.pdf
[2011/03/22 20:25:06 | 230,427,356 | ---- | C] () -- C:\Documents and Settings\Gibsons\Desktop\ruth.psd
[2010/07/12 19:21:42 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2010/04/19 18:26:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\63RDu2gJKQ
[2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63RDu2gJKQ
[2010/04/18 14:27:19 | 000,017,066 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\518805218
[2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\741802610
[2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\518805218
[2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\741802610
[2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\1453u0RIbo
[2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1453u0RIbo
[2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1453u0RIbo
[2010/02/21 11:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/08 18:39:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/08 07:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fkawarusan.bin
[2010/01/08 07:13:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozizam.dat
[2009/10/18 18:16:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/18 18:16:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/18 18:16:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/18 18:16:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/01 22:57:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/10 07:09:52 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/05 13:46:00 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/11 15:32:28 | 006,772,736 | ---- | C] () -- C:\WINDOWS\System32\tliadjust30.dll
[2008/09/21 11:40:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/12 13:57:16 | 002,121,728 | ---- | C] () -- C:\WINDOWS\System32\tliadjust24.dll
[2008/08/10 10:07:09 | 000,000,162 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/06/05 22:46:59 | 000,129,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/12/12 23:12:11 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/12/06 23:34:35 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/12/06 23:34:35 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\13691C7ED6.sys
[2007/11/13 21:55:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/11/12 15:11:00 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/12 10:57:55 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/06 07:43:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/05 23:23:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/11/05 23:08:41 | 000,130,891 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2007/11/05 23:08:41 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2007/11/01 09:21:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/01 09:11:29 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/01 09:11:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/01 08:49:33 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2007/11/01 08:49:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/11/01 08:49:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/11/01 08:48:18 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 002,504,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,384,926 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,054,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:17 | 008,122,112 | ---- | C] () -- C:\WINDOWS\System32\xniewour.dat
[2004/08/10 14:51:17 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\rcnqaqxu.dat
[2004/08/10 14:51:17 | 000,175,360 | ---- | C] () -- C:\WINDOWS\System32\kenwcijt.dat
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/19 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/07/12 09:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/20 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/03/14 11:38:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/11/13 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/12/12 23:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/29 09:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/03/11 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2007/11/01 09:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/08 18:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/13 21:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/03/27 01:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/15 07:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/12 10:02:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2008/09/05 23:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Alien Skin
[2011/04/12 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\BitTorrent
[2007/11/19 23:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\BitTorrent DNA
[2010/04/13 00:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\CAAC2E6BC5A46C409D2932A5D868E119
[2008/09/07 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Canon
[2010/07/12 10:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\CheckPoint
[2008/07/13 10:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\DAEMON Tools
[2010/11/15 11:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\FileZilla
[2007/11/06 07:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\ICAClient
[2009/04/05 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Leadertech
[2007/11/13 21:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Nikon
[2008/01/01 23:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Opera
[2009/08/18 17:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\ovwuoxsj
[2011/03/11 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\PDF reDirect
[2009/06/23 17:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Playskool
[2007/11/13 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Snapfish
[2010/08/24 13:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gibsons\Application Data\Softland
[2011/04/18 17:37:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#4
jogibso1

  • Member
  • 135 posts
Here is the exact warning:


Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot....etc. Worried I have a virus sending info via my connection
  • 0

#5
jogibso1

  • Member
  • 135 posts
ANY IDEAS ON THIS? AM I IN THE RIGHT FORUM?
  • 0

#6
Essexboy

  • GeekU Moderator
  • 63,672 posts
Hi - If you answer yourself you will be bypassed as we assume you are already being helped

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [Gvowoy] File not found
    O4 - HKCU..\Run: [Fpukurow] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: mvtq = C:\DOCUME~1\Gibsons\LOCALS~1\Temp\ixic.exe
    [2011/04/01 20:05:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozizam.dat
    [2011/04/01 17:37:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fkawarusan.bin
    [2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\63RDu2gJKQ
    [2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63RDu2gJKQ
    [2010/04/18 14:27:19 | 000,017,066 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\518805218
    [2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\741802610
    [2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\518805218
    [2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\741802610
    [2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\1453u0RIbo
    [2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1453u0RIbo
    [2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1453u0RIbo
    [2010/01/08 07:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fkawarusan.bin
    [2010/01/08 07:13:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozizam.dat
    [2010/04/19 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
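The file entries listed under :OTL in the fix above share traits visible in the posted log: hidden+system (-HS-) attributes, no company name, extensionless names under Application Data, and the same name in more than one profile. As an added example (not part of the original thread and not OTL's own code), this Python script parses OTL file-listing lines and surfaces such clusters; the heuristic is an assumption drawn from the log, not the helper's stated criteria, and the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the OTL log posted in this thread (section headers included).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\63RDu2gJKQ
[2010/04/19 18:26:46 | 000,018,618 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\63RDu2gJKQ
[2010/04/18 14:27:19 | 000,017,066 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\518805218
[2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\741802610
[2010/04/18 14:26:46 | 000,017,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\518805218
[2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\741802610
[2010/04/18 14:26:36 | 000,017,102 | -HS- | C] () -- C:\Documents and Settings\Gibsons\Local Settings\Application Data\1453u0RIbo
[2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1453u0RIbo
[2010/04/18 06:11:40 | 000,017,094 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1453u0RIbo
[2007/12/06 23:34:35 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/11/13 21:55:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/11/12 15:11:00 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
========== LOP Check ==========
[2010/04/19 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
"""

# [date time | size | attrs | M or C] (company) -- path
# Directory lines (LOP Check) carry no "(company)" field, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Windows XP profile root, as seen in the log.
PROFILE_RE = re.compile(
    r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE
)


def parse_otl_lines(text):
    """Return one dict per file-listing line; headers and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["company"] = entry["company"] or ""
        entries.append(entry)
    return entries


def shared_hidden_system_files(entries, min_profiles=2):
    """Map file name -> sorted profiles for hidden+system, company-less,
    extensionless files under Application Data that recur across profiles.
    Assumed triage heuristic; a hit is a lead to review, not a verdict."""
    profiles_by_name = defaultdict(set)
    for entry in entries:
        attrs, path = entry["attrs"], entry["path"]
        profile = PROFILE_RE.match(path)
        if not profile:
            continue  # outside user profiles (e.g. System32)
        name = basename(path)
        if (
            "H" in attrs and "S" in attrs and "D" not in attrs
            and not entry["company"]
            and "\\application data\\" in path.lower()
            and splitext(name)[1] == ""
        ):
            profiles_by_name[name].add(profile.group(1))
    return {
        name: sorted(profiles)
        for name, profiles in profiles_by_name.items()
        if len(profiles) >= min_profiles
    }


if __name__ == "__main__":
    hits = shared_hidden_system_files(parse_otl_lines(SAMPLE_LOG))
    for name, profiles in sorted(hits.items()):
        print(f"{name}: {', '.join(profiles)}")
```

On the sample, the four names it reports are the hidden+system file entries that appear in the fix; the other items in the fix (the two files under C:\WINDOWS and the avG folder) fall outside this heuristic.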

#7
jogibso1

  • Member
  • 135 posts
Aha, I see. Thanks for the clarification!



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Gvowoy deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Fpukurow deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\mvtq deleted successfully.
C:\WINDOWS\Ozizam.dat moved successfully.
C:\WINDOWS\Fkawarusan.bin moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\63RDu2gJKQ moved successfully.
C:\Documents and Settings\All Users\Application Data\63RDu2gJKQ moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\518805218 moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\741802610 moved successfully.
C:\Documents and Settings\All Users\Application Data\518805218 moved successfully.
C:\Documents and Settings\All Users\Application Data\741802610 moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\1453u0RIbo moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\1453u0RIbo moved successfully.
C:\Documents and Settings\All Users\Application Data\1453u0RIbo moved successfully.
File C:\WINDOWS\Fkawarusan.bin not found.
File C:\WINDOWS\Ozizam.dat not found.
C:\Documents and Settings\All Users\Application Data\avG folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gibsons\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gibsons\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gibsons
->Temp folder emptied: 6230387922 bytes
->Temporary Internet Files folder emptied: 10233917 bytes
->Java cache emptied: 217099 bytes
->FireFox cache emptied: 110233832 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 54049 bytes

User: LocalService
->Temp folder emptied: 2046284 bytes
->Temporary Internet Files folder emptied: 1687753 bytes
->Flash cache emptied: 19000 bytes

User: NetworkService
->Temp folder emptied: 1985240 bytes
->Temporary Internet Files folder emptied: 1144613 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 43811 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3106163 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1112 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 225945 bytes
RecycleBin emptied: 2343980829 bytes

Total Files Cleaned = 8,302.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Gibsons
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05022011_153720

Files\Folders moved on Reboot...
C:\Documents and Settings\Gibsons\Local Settings\Temp\~DFF699.tmp moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Gibsons\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0eclhgx.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!
File\Folder C:\WINDOWS\temp\ZLT02867.TMP not found!

Registry entries deleted on Reboot...

aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 15:46:59
-----------------------------
15:46:59.343 OS Version: Windows 5.1.2600 Service Pack 3
15:46:59.343 Number of processors: 2 586 0xF0D
15:46:59.343 ComputerName: GIBSON UserName:
15:47:00.312 Initialize success
15:47:09.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:47:09.171 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA73A Size: 305245MB BusType: 3
15:47:11.187 Disk 0 MBR read successfully
15:47:11.187 Disk 0 MBR scan
15:47:11.187 Disk 0 unknown MBR code
15:47:13.187 Disk 0 scanning sectors +625137345
15:47:13.218 Disk 0 scanning C:\WINDOWS\system32\drivers
15:47:20.093 Service scanning
15:47:21.171 Disk 0 trace - called modules:
15:47:21.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:47:21.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89cab8]
15:47:21.187 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a8a1188]
15:47:21.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8aed98]
15:47:21.187 Scan finished successfully
15:48:18.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gibsons\Desktop\MALWARE\MBR.dat"
15:48:18.390 The log file has been saved successfully to "C:\Documents and Settings\Gibsons\Desktop\MALWARE\aswMBR.txt"
  • 0

#8
Essexboy

  • GeekU Moderator
  • 63,672 posts
Could you let me know if that has cleared your problem please

Also could you update and run Malwarebytes and post the resultant log :)
  • 0

#9
jogibso1

  • Member
  • 135 posts
So far so good! I usually notice it a few times thru the day though, so will get back to you in a day or so to confirm?



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6493

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/2/2011 4:06:49 PM
mbam-log-2011-05-02 (16-06-49).txt

Scan type: Quick scan
Objects scanned: 151570
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Essexboy

  • GeekU Moderator
  • 63,672 posts
OK run it for a day or so and if all is clear I will remove my tools :)
  • 0

#11
jogibso1

  • Member
  • 135 posts
Doh! Just got the same notice after searching Google. It appears on both my desktop and my laptop, I just noticed, if that helps. Network related?
  • 0

#12
Essexboy

  • GeekU Moderator
  • 63,672 posts
OK that may help - first we will reset your router

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

THEN

On both computers - label the logs laptop and desk please

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
jogibso1

  • Member
  • 135 posts
I don't have a reset button, but did a power cycle best I know how (unplug everything, leave off for a few minutes)

DESKTOP
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6493

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/3/2011 9:07:35 AM
mbam-log-2011-05-03 (09-07-35).txt

Scan type: Quick scan
Objects scanned: 151607
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

LAPTOP
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6499

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2011 9:19:33 AM
mbam-log-2011-05-03 (09-19-33).txt

Scan type: Quick scan
Objects scanned: 205276
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Essexboy

  • GeekU Moderator
  • 63,672 posts
Are you still getting the warnings from Google ?
  • 0

#15
jogibso1

  • Member
  • 135 posts
so far so good since resetting!
  • 0
