Google Redirect Problem/Windows 7



#16
cold.wake.up
Member, Topic Starter, 19 posts
Yeah, I mentioned earlier that I believed it was the router, because all the computers have been affected (despite dissimilar usage).

I did uninstall Adobe Download Manager and BitComet. However, I couldn't find the Ask toolbar in the Uninstall programs menu.

I tried to clear the Java cache, but it appears Java is no longer installed. I didn't see any Java icon inside the control panel. As well, it isn't listed among the installed programs on my computer. I skipped that step, and installed the latest Java.

Quick questions:
1. When can I re-install my anti-virus/anti-spyware software again?
2. Since we believe it is the router, what do I do about that to fix the problem permanently?

I wasn't sure if you wanted me to do a quick scan, or repeat the custom fix you listed. To be cautious, I just did a quick scan.

OTL
--
OTL logfile created on: 5/23/2011 2:06:49 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\J-Hill\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 373.04 Gb Free Space | 82.18% Space Free | Partition Type: NTFS

Computer Name: J-HILL-PC | User Name: J-Hill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 16:15:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTL.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/07 08:10:46 | 000,458,240 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/17 15:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 16:15:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/12/07 08:10:46 | 000,458,240 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2010/07/23 13:14:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/17 15:17:05 | 000,434,864 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 06:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/12/07 08:10:48 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/17 15:02:03 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...h0z145a4481x56n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...h0z145a4481x56n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/16 15:50:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/05 14:59:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/23 14:03:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/02/12 15:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/05/17 16:36:41 | 000,000,000 | ---D | M]

[2010/07/27 19:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J-Hill\AppData\Roaming\Mozilla\Extensions
[2010/07/27 19:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J-Hill\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/23 13:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J-Hill\AppData\Roaming\Mozilla\Firefox\Profiles\jayi16qx.default\extensions
[2011/05/23 14:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/23 14:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/16 15:50:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\J-HILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JAYI16QX.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/05/23 14:03:10 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/23 02:10:11 | 000,000,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.125.127.105 look-serch-resu1t.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4 - Startup: C:\Users\J-Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: uiowa.edu ([vpn] https in Trusted sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uiowa.ed...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 13:52:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 02:40:48 | 000,061,440 | ---- | C] ( ) -- C:\Users\J-Hill\Desktop\VEW.exe
[2011/05/23 02:00:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/22 11:16:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\J-Hill\Desktop\GooredFix.exe
[2011/05/22 11:13:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 10:20:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\AppData\Roaming\skypePM
[2011/05/22 00:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/22 00:02:09 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\AppData\Roaming\Skype
[2011/05/22 00:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/22 00:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/22 00:01:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/22 00:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/20 21:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2011/05/20 21:16:04 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\AppData\Local\Focus Home Interactive
[2011/05/20 21:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Home Interactive
[2011/05/20 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\AppData\Roaming\OpenOffice.org
[2011/05/20 16:42:42 | 000,000,000 | --SD | C] -- C:\Users\J-Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/05/20 16:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/05/20 16:34:59 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/05/19 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Desktop\RE__Meeting_for_Tomorrow_(Monday)
[2011/05/18 20:10:38 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Desktop\SetACL 2.2.1
[2011/05/16 15:51:48 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/16 15:51:48 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/16 15:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/16 15:51:44 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/16 15:51:44 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/16 15:51:40 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/16 15:51:34 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/16 15:50:21 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/16 15:50:21 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/16 14:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/16 14:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/16 14:07:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/16 14:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 14:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/16 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\DoctorWeb
[2011/05/16 01:06:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/16 00:58:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/16 00:58:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/16 00:58:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/16 00:55:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/16 00:52:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/16 00:52:17 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\AppData\Local\CrashDumps
[2011/05/15 21:09:21 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2011/05/15 19:19:27 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/15 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Documents\Symantec
[2011/05/15 18:11:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/05/15 16:15:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTL.exe
[2011/05/15 16:11:04 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\J-Hill\Desktop\TDSSKiller.exe
[2011/05/15 16:09:50 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Desktop\GooredFix Backups
[2011/05/15 15:57:57 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/15 15:56:49 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTM.exe
[2011/05/15 15:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/15 15:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/05/15 15:54:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\J-Hill\Desktop\erunt-setup.exe
[2011/05/15 15:35:10 | 001,930,720 | ---- | C] (Symantec Corporation) -- C:\Users\J-Hill\Desktop\FixTDSS.exe
[2011/05/10 02:24:53 | 000,000,000 | ---D | C] -- C:\Users\J-Hill\Desktop\Portfolio
[2011/04/30 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore 1.0
[2011/04/30 21:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MuseScore
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\J-Hill\Desktop\*.tmp files -> C:\Users\J-Hill\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 14:01:07 | 000,027,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:01:07 | 000,027,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:00:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1479716678-2644827092-3992687950-1000UA.job
[2011/05/23 13:53:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/23 13:53:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 13:53:29 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 13:42:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/23 02:40:49 | 000,061,440 | ---- | M] ( ) -- C:\Users\J-Hill\Desktop\VEW.exe
[2011/05/23 02:10:11 | 000,000,851 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/23 02:08:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/23 02:08:46 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/23 02:08:46 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/23 01:45:04 | 000,001,376 | ---- | M] () -- C:\Users\J-Hill\Desktop\Norton Installation Files.lnk
[2011/05/23 01:41:44 | 000,932,400 | ---- | M] () -- C:\Users\J-Hill\Desktop\Norton_Removal_Tool.exe
[2011/05/22 15:00:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1479716678-2644827092-3992687950-1000Core.job
[2011/05/22 11:17:33 | 001,280,208 | ---- | M] () -- C:\Users\J-Hill\Desktop\tdsskiller.zip
[2011/05/22 11:16:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\J-Hill\Desktop\GooredFix.exe
[2011/05/22 11:13:04 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/22 10:20:09 | 004,352,705 | R--- | M] () -- C:\Users\J-Hill\Desktop\ComboFix.exe
[2011/05/22 10:11:55 | 000,000,512 | ---- | M] () -- C:\Users\J-Hill\Desktop\MBR.dat
[2011/05/22 00:03:27 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/22 00:01:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/21 15:26:18 | 000,104,309 | ---- | M] () -- C:\Users\J-Hill\Desktop\Aftermath_African_Amer_Suicide.pdf
[2011/05/21 10:49:00 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/21 10:49:00 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/21 10:45:02 | 004,928,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/20 21:32:13 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/05/20 16:52:03 | 000,001,246 | ---- | M] () -- C:\Users\J-Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/05/20 16:42:43 | 000,001,196 | ---- | M] () -- C:\Users\J-Hill\Desktop\OpenOffice.org 3.3.lnk
[2011/05/18 20:39:30 | 000,048,504 | ---- | M] () -- C:\registry_5_18.reg
[2011/05/17 12:13:08 | 000,001,448 | ---- | M] () -- C:\Users\J-Hill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 11:22:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/17 11:22:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/16 22:44:14 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/16 22:44:14 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/05/16 15:51:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/05/16 15:40:40 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 17:59:53 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts.bob
[2011/05/15 16:15:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTL.exe
[2011/05/15 15:56:59 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\J-Hill\Desktop\OTM.exe
[2011/05/15 15:55:21 | 000,000,935 | ---- | M] () -- C:\Users\J-Hill\Desktop\NTREGOPT.lnk
[2011/05/15 15:55:21 | 000,000,916 | ---- | M] () -- C:\Users\J-Hill\Desktop\ERUNT.lnk
[2011/05/15 15:54:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\J-Hill\Desktop\erunt-setup.exe
[2011/05/15 15:54:05 | 000,513,320 | ---- | M] () -- C:\Users\J-Hill\Desktop\erunt.zip
[2011/05/14 00:23:29 | 000,150,588 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/14 00:01:14 | 000,002,375 | ---- | M] () -- C:\Users\J-Hill\Desktop\Google Chrome.lnk
[2011/05/13 13:21:28 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\J-Hill\Desktop\TDSSKiller.exe
[2011/05/12 22:09:03 | 003,756,986 | ---- | M] () -- C:\Users\J-Hill\Desktop\RE__Meeting_for_Tomorrow_(Monday).zip
[2011/05/12 01:18:18 | 383,339,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/10 07:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 07:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/05/10 07:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/05/10 07:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/05/10 07:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/05/10 07:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/05/10 06:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/05/10 06:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/05/10 06:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/05/05 14:59:17 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 23:55:05 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2011/05/04 23:55:05 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/04/30 20:12:53 | 000,163,084 | ---- | M] () -- C:\Users\J-Hill\Desktop\295.zip
[2011/04/23 18:20:39 | 000,000,034 | ---- | M] () -- C:\Windows\ebraryRdr.ini
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\J-Hill\Desktop\*.tmp files -> C:\Users\J-Hill\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 01:41:42 | 000,932,400 | ---- | C] () -- C:\Users\J-Hill\Desktop\Norton_Removal_Tool.exe
[2011/05/23 01:40:51 | 000,001,376 | ---- | C] () -- C:\Users\J-Hill\Desktop\Norton Installation Files.lnk
[2011/05/22 11:17:30 | 001,280,208 | ---- | C] () -- C:\Users\J-Hill\Desktop\tdsskiller.zip
[2011/05/22 10:11:55 | 000,000,512 | ---- | C] () -- C:\Users\J-Hill\Desktop\MBR.dat
[2011/05/22 00:03:27 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/22 00:01:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/21 15:26:17 | 000,104,309 | ---- | C] () -- C:\Users\J-Hill\Desktop\Aftermath_African_Amer_Suicide.pdf
[2011/05/21 14:14:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/20 21:32:10 | 000,002,292 | ---- | C] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/05/20 16:52:03 | 000,001,246 | ---- | C] () -- C:\Users\J-Hill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/05/20 16:42:43 | 000,001,196 | ---- | C] () -- C:\Users\J-Hill\Desktop\OpenOffice.org 3.3.lnk
[2011/05/18 20:39:30 | 000,048,504 | ---- | C] () -- C:\registry_5_18.reg
[2011/05/17 11:22:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/17 11:22:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/16 15:51:48 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/16 14:07:08 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 00:58:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/16 00:58:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/16 00:58:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/16 00:58:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/16 00:58:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/16 00:50:43 | 004,352,705 | R--- | C] () -- C:\Users\J-Hill\Desktop\ComboFix.exe
[2011/05/15 15:55:21 | 000,000,935 | ---- | C] () -- C:\Users\J-Hill\Desktop\NTREGOPT.lnk
[2011/05/15 15:55:21 | 000,000,916 | ---- | C] () -- C:\Users\J-Hill\Desktop\ERUNT.lnk
[2011/05/15 15:54:03 | 000,513,320 | ---- | C] () -- C:\Users\J-Hill\Desktop\erunt.zip
[2011/05/14 00:23:29 | 000,150,588 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/12 22:08:48 | 003,756,986 | ---- | C] () -- C:\Users\J-Hill\Desktop\RE__Meeting_for_Tomorrow_(Monday).zip
[2011/05/11 16:11:30 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/11 16:11:30 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/04 23:55:05 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Comet Player.lnk
[2011/05/04 23:55:05 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2011/04/30 20:12:49 | 000,163,084 | ---- | C] () -- C:\Users\J-Hill\Desktop\295.zip
[2011/04/23 18:20:39 | 000,000,034 | ---- | C] () -- C:\Windows\ebraryRdr.ini
[2011/02/07 08:43:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/07 08:43:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/16 16:01:01 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/09/16 16:01:01 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/07/29 09:41:16 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010/07/23 13:58:04 | 000,000,000 | ---- | C] () -- C:\Users\J-Hill\AppData\Roaming\wklnhst.dat
[2010/07/22 16:40:59 | 000,007,604 | ---- | C] () -- C:\Users\J-Hill\AppData\Local\Resmon.ResmonCfg
[2010/01/27 09:54:03 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/01/27 09:42:08 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/01/27 09:42:08 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/27 09:20:07 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/01/27 09:19:27 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/15 03:29:04 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Acoustica
[2011/05/21 02:08:11 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\BitComet
[2011/01/02 03:04:19 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\CometPlayer
[2010/07/23 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\DAEMON Tools Lite
[2010/07/31 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\GrabPro
[2011/01/20 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\HorizonWimba
[2011/04/15 20:45:48 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\MusE
[2011/01/30 14:38:25 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\OpenCandy
[2011/05/20 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\OpenOffice.org
[2011/05/23 02:02:47 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Orbit
[2010/07/22 01:36:08 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Packard Bell
[2010/07/31 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\ProgSense
[2011/01/30 15:12:24 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Reviversoft
[2011/03/16 14:47:05 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\SecondLife
[2011/04/15 03:29:28 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\SynthMaker
[2010/08/10 02:18:43 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Teleca
[2010/12/25 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Temp
[2010/10/13 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\thriXXX
[2010/07/27 19:27:33 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Thunderbird
[2011/01/18 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\tigerplayer
[2011/03/23 18:35:58 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\vghd
[2011/01/12 05:06:27 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\Windows Live Writer
[2010/08/05 01:11:36 | 000,000,000 | ---D | M] -- C:\Users\J-Hill\AppData\Roaming\XMind
[2011/05/22 11:13:04 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/05/19 13:50:32 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
#17
RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Can you log in to the router and see what DNS they are using? The DNS should be learned from DHCP or you could put in 8.8.8.8. A static DNS would be a sign of an infection. Also are there any static routes? These should be removed. Some routers have more than one default preassigned login. Make sure that any of these have new passwords.


Ron

#18
cold.wake.up

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I did a hard reset of the router, and changed the router's password.

I did those things before and it got rid of it, but it came back. Can you suggest any ways to prevent it from happening again?

#19
RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Sometimes a router will get reinfected before you change the password. That's why it's best to shut down or disconnect all other computers. One way to make it harder for malware is to change the router's network IP range. Normally routers use 192.168.0.x or 192.168.1.x but the third number doesn't have to be 0 or 1. It can be anything from 0 to 254. Change the third number so it uses something like 192.168.127.x. Most malware will just look for the router at 192.168.0.1 or 192.168.1.1.

Ron
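As an added example (not part of the thread and not a tool Ron or Geeks to Go provides), here is a Python script that applies the two checks from Ron's last two replies to a workstation's `ipconfig /all` output: it flags any DNS server that is neither the router (learned via DHCP) nor 8.8.8.8, and it flags a router still sitting on the factory-default 192.168.0.x / 192.168.1.x range. The `ipconfig` samples are constructed, not taken from either machine in the thread.

```python
import ipaddress
import re

# Resolvers the thread accepts besides the router itself (Ron suggests 8.8.8.8).
TRUSTED_PUBLIC_RESOLVERS = {"8.8.8.8"}
# Ranges router-targeting malware probes first, per Ron's advice to move the
# LAN to something like 192.168.127.x.
DEFAULT_ROUTER_SUBNETS = [ipaddress.ip_network("192.168.0.0/24"),
                          ipaddress.ip_network("192.168.1.0/24")]
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
_FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][^:]*?)[ .]*:\s*(?P<val>.*)$")

# Constructed `ipconfig /all` sample (assumed layout, not from the thread): the
# router hands out an outside resolver, a typical DNS-changer symptom, and still
# lives on the factory-default 192.168.1.0/24.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       8.8.8.8
"""

# Same adapter after following the thread's advice (constructed): LAN moved off
# the default range, client resolving only through the router.
SAMPLE_IPCONFIG_CLEAN = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.127.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.127.1
   DHCP Server . . . . . . . . . . . : 192.168.127.1
   DNS Servers . . . . . . . . . . . : 192.168.127.1
"""


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # Adapter headers are unindented lines ending in ':'.
        if not raw.startswith(" ") and raw.rstrip().endswith(":"):
            current = raw.strip().rstrip(":")
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue
        m = _FIELD.match(raw)
        if m:
            last_key = m.group("key").strip()
            values = adapters[current].setdefault(last_key, [])
            if m.group("val"):
                values.append(m.group("val").strip())
        elif last_key is not None:
            # Continuation line (e.g. a second DNS server) holds just the value.
            adapters[current][last_key].append(raw.strip())
    return adapters


def _ips(values):
    """Pull bare IPv4 addresses out of values like '192.168.1.104(Preferred)'."""
    return [ip for v in values for ip in _IPV4.findall(v)]


def audit_adapter(fields):
    """Apply the thread's two heuristics to one adapter; return a list of findings."""
    findings = []
    gateways = _ips(fields.get("Default Gateway", []))
    dhcp_servers = _ips(fields.get("DHCP Server", []))
    dns_servers = _ips(fields.get("DNS Servers", []))
    # DNS should be the router (learned via DHCP) or the trusted public resolver.
    # A rogue resolver pushed by a hijacked router shows up here; a rogue upstream
    # set inside the router does not, so the router's own DNS page must be checked too.
    expected = set(gateways) | set(dhcp_servers) | TRUSTED_PUBLIC_RESOLVERS
    for server in dns_servers:
        if server not in expected:
            findings.append(f"unexpected DNS server {server}")
    # Malware probing for the router tries 192.168.0.1 / 192.168.1.1 first.
    for gw in gateways:
        if any(ipaddress.ip_address(gw) in net for net in DEFAULT_ROUTER_SUBNETS):
            findings.append(f"router on factory-default subnet ({gw})")
    return findings


def audit(text):
    """Audit every adapter in an `ipconfig /all` dump: {adapter: [findings]}."""
    return {name: audit_adapter(f) for name, f in parse_ipconfig(text).items()}
```

Run `audit(open("ipconfig.txt").read())` on a saved `ipconfig /all` dump from each PC in the house; an empty findings list for an adapter means both checks passed for that client.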

#20
cold.wake.up

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I just changed the IP address.

Could I keep this thread open for another week, in case the re-directs return? After that, you can close it.

Thank you for taking the time to help me.

#21
RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Why don't you run OTL on the other computers in the house and post the logs in this same thread. Might as well clear out the whole nest of malware at one time.

Your computer seems to be clean so you can run OTL and hit the Cleanup button.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole; see http://aumha.net/vie...&st=0&sk=t&sd=a. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox from http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If using a wireless router, you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#22
cold.wake.up

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
It seems the Google re-direct has returned. I don't understand it. I've changed the IP address and everything.

I'll begin posting logs from the others.

* While checking the status of my router, I noticed a host name (under active clients) that has an asterisk for a name. It says the IP is tracked to China by the Wistron Corporation. It seems suspicious. I found some information about it, and it seems like a legitimate company, but I'm not sure.

As well, I have noticed that as I browse, I receive frequent security popups that tell me I am entering/leaving a secure page, even with sites like Google. I assume this is due to the infection.

* I changed the IP address on my router to (actual) Google's. It seems OK for the moment.

Edited by cold.wake.up, 24 May 2011 - 12:05 AM.


#23
RKinner

    Malware Expert

  • Expert
  • 24,425 posts
  • MVP
Give the exact model of your router so I can see what you are looking at. Then tell me how to get to this 'active client' list. What host name and/or IP has the asterisk?

Ron

#24
cold.wake.up

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I have a Linksys Wireless-G WRT54G router. Its firmware version is DD-WRT v24-sp2. This is a different firmware from what I remembered when I was last here (during winter break). However, my cousin says it changed with the new modem.

I selected the main tab "Status," and then "LAN." The active client with the asterisk is not there (however, the re-directs have returned).

Here are the results of an OTL scan of a second computer in my household:
--

OTL logfile created on: 5/25/2011 11:58:27 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Erika\Desktop\Cleaning
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.88% Memory free
3.74 Gb Paging File | 2.75 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 141.83 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.83 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 11:56:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erika\Desktop\Cleaning\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/06 09:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/20 21:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/25 11:56:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erika\Desktop\Cleaning\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/31 00:16:26 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/12 11:49:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 18:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/02/26 10:11:02 | 000,299,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2008/12/20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 08:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://aimzones.aol.com/homepage"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6760
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {AE640F81-59B5-45B0-9716-298FFCA15B70}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=616163&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 14:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 14:43:44 | 000,000,000 | ---D | M]

[2009/02/26 23:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\Mozilla\Extensions
[2011/05/13 01:25:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions
[2010/06/22 20:21:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/23 19:08:04 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/03/22 13:44:19 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/04/23 19:08:42 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/04/23 19:08:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\[email protected]
[2011/04/23 19:07:59 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\extensions\[email protected]
[2009/06/13 19:33:45 | 000,004,207 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\aim-search.xml
[2009/06/13 20:46:28 | 000,001,720 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\aol-search.xml
[2010/12/30 18:15:20 | 000,000,919 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\conduit.xml
[2009/07/29 11:45:54 | 000,009,941 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\mywebsearch.xml
[2011/01/13 22:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 21:14:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/29 02:51:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ERIKA\APPDATA\LOCAL\{AE640F81-59B5-45B0-9716-298FFCA15B70}
[2009/07/15 15:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ERIKA\PROGRAM FILES\DNA
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/06 13:05:39 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Mrajovapupikep] C:\Users\Erika\AppData\Local\ibewofeh.dll (HighPoint Technologies, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Erika\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erika\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{635813af-8760-11de-b964-001f16695604}\Shell - "" = AutoRun
O33 - MountPoints2\{635813af-8760-11de-b964-001f16695604}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 11:56:21 | 000,000,000 | ---D | C] -- C:\Users\Erika\Desktop\Cleaning
[2011/05/10 12:21:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/09/10 20:00:42 | 000,282,624 | ---- | C] (HighPoint Technologies, Inc.) -- C:\Users\Erika\AppData\Local\ibewofeh.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 11:51:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1345060392-751449997-1691460278-1000UA.job
[2011/05/25 11:48:38 | 000,000,000 | ---- | M] () -- C:\Users\Erika\AppData\Local\Ekocotohun.bin
[2011/05/25 11:47:59 | 000,101,651 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/25 11:46:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 11:46:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/25 11:46:47 | 000,101,651 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/25 11:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/25 11:46:37 | 1877,352,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 14:54:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1345060392-751449997-1691460278-1000Core.job
[2011/05/23 11:22:35 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForErika.job
[2011/05/15 23:53:24 | 000,002,042 | ---- | M] () -- C:\Users\Erika\Desktop\Google Chrome.lnk
[2011/05/15 23:53:24 | 000,002,004 | ---- | M] () -- C:\Users\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/11 19:47:01 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/11 19:47:00 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/10 12:21:43 | 170,435,238 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 17:37:20 | 000,000,903 | ---- | M] () -- C:\Users\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/28 17:15:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/28 17:15:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/28 17:15:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 12:21:43 | 170,435,238 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/28 17:15:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/29 02:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Erika\AppData\Local\Ekocotohun.bin
[2011/03/29 02:51:31 | 000,000,120 | ---- | C] () -- C:\Users\Erika\AppData\Local\Ckilominopafeb.dat
[2010/05/24 14:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/05/24 14:33:00 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/05/24 14:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/05/24 14:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/05/24 14:33:00 | 000,810,113 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/05/24 14:33:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/05/24 14:33:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/05/24 14:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/05/24 14:33:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/05/24 14:33:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/05/24 14:33:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/05/24 14:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/05/24 14:33:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/05/24 14:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/05/24 14:33:00 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/05/24 14:33:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/05/24 14:33:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/05/19 15:59:20 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/05/19 15:59:10 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/05/19 15:59:02 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/05/19 15:58:52 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/05/19 15:58:24 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010/05/19 15:58:18 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/05/19 15:58:08 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010/05/19 15:57:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010/05/19 15:57:38 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010/05/19 15:57:26 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/05/19 15:57:20 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/05/19 15:55:40 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/05/19 15:55:36 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/09/14 21:35:03 | 000,000,166 | ---- | C] () -- C:\Users\Erika\AppData\Roaming\wklnhst.dat
[2009/09/10 20:00:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 20:00:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/06/16 12:38:24 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/06/14 12:57:27 | 000,007,592 | ---- | C] () -- C:\Users\Erika\AppData\Local\d3d9caps.dat
[2009/06/13 20:21:47 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/17 14:37:26 | 000,101,651 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/17 03:43:48 | 000,101,651 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/01 22:04:05 | 000,019,968 | ---- | C] () -- C:\Users\Erika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/04 08:20:24 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/02/04 07:42:00 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/25 17:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,323,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/06/13 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\acccore
[2011/05/07 20:30:36 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\BitTorrent
[2009/08/12 11:59:28 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\DAEMON Tools Lite
[2009/07/26 13:26:50 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\DNA
[2009/08/07 10:12:26 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\fretsonfire
[2009/04/04 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\GrabPro
[2009/08/30 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Nexon
[2010/07/22 23:35:01 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\OpenCandy
[2009/12/05 23:39:17 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\OpenOffice.org
[2011/05/23 15:49:04 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Orbit
[2009/06/06 10:26:37 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\SystemRequirementsLab
[2009/09/14 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Template
[2009/08/14 05:25:14 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\TSRWorkshop
[2010/06/22 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Erika\AppData\Roaming\Uniblue
[2011/05/25 01:53:48 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extras
--

OTL Extras logfile created on: 5/25/2011 11:58:27 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Erika\Desktop\Cleaning
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.88% Memory free
3.74 Gb Paging File | 2.75 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.01 Gb Total Space | 141.83 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.83 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

Computer Name: ERIKA-PC | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Erika\BitTorrent\bittorrent.exe" = C:\Users\Erika\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45322C84-C46E-4E3E-9CC6-274F92B18CB3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5372ECF-3FA2-4A88-A653-5E630DB8BE52}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06493E48-E95B-4DAF-B467-DB4FBC5E3628}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0E7D0FCB-14B4-465B-931D-E675136F5F35}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{116E4D05-1782-4CEC-B486-8C0E36EF5903}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1BEBB9C2-4D7C-41AF-B923-E1F76A052D6B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1244943235\ee\aolsoftware.exe |
"{1FF9B5FA-F576-4093-AFC7-0A218C7D27C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{24ADF75C-4356-4750-BBB2-D55FC5E461AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{29A93ED3-CA54-4519-8C5A-0FF16BC5CB08}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{34D5DCEE-86AB-4363-97DC-1D34FFA0AAD9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3703BFF2-A954-4467-AFC0-FA3408348D7D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{3A3D808C-C2E1-4F80-B2F0-7892E4BF82FE}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{3F189A29-4CD9-4042-A7BB-E24F25AF8891}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{44D0C21B-05F1-49B3-9CB6-77F2708BFA9E}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4DA6663F-AFB0-4249-8717-2FC408647D41}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6BE973F2-E4F5-4EE9-9552-6FC919540002}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{709BD503-9665-4F1B-BECD-4CD1D70BBCF8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{74B86E5B-8DF8-4836-A00D-6A81441B0662}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{77AC3816-88D8-4705-93B7-F99E526F4EF1}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{7E05FDDB-C6A1-4FD7-A917-03F0D65112B5}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{7E56C159-4BDA-4E67-B427-1492CB0B2146}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7EC0A0D7-EB2C-4E34-9091-F259A6689BCA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{826FF791-27BD-4185-B607-D2CBD4570EC9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8F242A2C-2232-4444-BA4B-2A1B36BC35B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{904B046C-E58C-45BD-B5D9-98E884FB366F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A28F119E-4775-4DCF-A7FA-82018FA35492}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A444AAA9-806F-4B48-9711-0E7A8A1526B7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{A4D2CEB2-7D8C-4D3F-8691-1F9876C8BCAA}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A82D6919-F83F-4CFF-81FB-5B747C0A1701}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AFBAE12C-CF00-41E2-89C5-5762A14078CE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BB998F7F-0469-490E-880E-1D174C1388DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE70A581-C55E-4F09-87FA-43BDD3F84AEF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C2E4A979-F89E-4E59-97AC-140CAA831E41}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CBBFEA7F-EF46-474A-A025-EF408ABFB40F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CE5477D5-F6F8-49C2-B064-69BC26D43A87}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{D2E23FDB-259D-458D-836C-CC8805C9D3DC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D981BA6E-B3DB-489D-8A2B-DCE80340642F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1244943235\ee\aolsoftware.exe |
"{F541CD2E-1E50-4EAB-9ACB-79A52E05E10D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{FFF15A56-8DDD-4496-BAE1-BE6B1166FC39}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"TCP Query User{10AD1CD4-C3E4-417B-AD23-65A9B8C46026}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3CE4A08D-C939-4414-A7B3-42CDBA8C779A}C:\users\erika\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\erika\program files\dna\btdna.exe |
"TCP Query User{4059E424-183B-4032-A5FA-F4090DB48397}C:\users\erika\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\erika\bittorrent\bittorrent.exe |
"TCP Query User{6D770574-C70E-49D6-82FA-7FC6B905ABA7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8D79BCCD-0952-4275-8C1F-1017950642E0}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{AF2677F5-3071-48EA-8404-727E1AB0EF63}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{BE1180A4-70AB-42DD-B3A0-4D6289B1F547}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C36E79DA-C732-4286-BDEF-E9996C2E1426}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{F05E683C-E59B-4337-986C-E3A17310549C}C:\users\erika\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\erika\bittorrent\bittorrent.exe |
"UDP Query User{03A61CCE-74C3-4391-BBC0-EE78740E82BC}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{06729F88-535A-4891-8B07-5ECA08EEC2EE}C:\users\erika\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\erika\bittorrent\bittorrent.exe |
"UDP Query User{1EEB1116-6D3C-44C4-833A-3E6A649A1FB5}C:\users\erika\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\erika\program files\dna\btdna.exe |
"UDP Query User{681F49D4-3156-4967-A999-EF307CC905EA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{72C6B401-6307-4625-AD4E-6138B5B3D43D}C:\users\erika\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\erika\bittorrent\bittorrent.exe |
"UDP Query User{7B7A6909-197F-41DF-A5E7-1B3B324966AB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{99B60435-5BBD-458F-95F7-9DAB05A94065}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{CB1B360B-7FF8-4FE4-B3E8-53FB81724EAD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EDD22206-B5B1-4412-9329-1FE5940FD7EA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"avast" = avast! Free Antivirus
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Debut" = Debut Video Capture Software
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PageRage Toolbar" = PageRage Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"vLite_is1" = vLite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Unsigned" = Unsigned

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#25 RKinner (Malware Expert, MVP)
Can you find a version number for the router? DD-WRT software is not the standard software that came with your router. It's open source router code so it may have been hacked. See http://www.dd-wrt.com/site/index That might explain why resetting it is not a permanent cure.

For the new PC (which definitely is infected)

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Java™ 6 Update 16
Java™ 6 Update 21
Java™ 6 Update 7
Java Auto Updater
BitTorrentBar Toolbar
Conduit Engine
DAEMON Tools Toolbar
Orbit Downloader
PageRage Toolbar
BitTorrent
DNA
Norton Internet Security


Click on the Avast ball, then click on Additional Protections, then AutoSandbox, then Settings, and uncheck Enable AutoSandbox. Click OK.

Download the SPTD standalone installer from Duplex Secure.
http://www.duplexsec...om/en/downloads
Execute and choose to uninstall.


Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE640F81-59B5-45B0-9716-298FFCA15B70}:1.9.1
[2010/06/10 17:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 21:14:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/29 02:51:30 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ERIKA\APPDATA\LOCAL\{AE640F81-59B5-45B0-9716-298FFCA15B70}
[2010/12/30 18:15:20 | 000,000,919 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\conduit.xml
[2009/07/29 11:45:54 | 000,009,941 | ---- | M] () -- C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\gic9412i.default\searchplugins\mywebsearch.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PageRage Toolbar) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKCU..\Run: [Mrajovapupikep] C:\Users\Erika\AppData\Local\ibewofeh.dll (HighPoint Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{635813af-8760-11de-b964-001f16695604}\Shell - "" = AutoRun
O33 - MountPoints2\{635813af-8760-11de-b964-001f16695604}\Shell\AutoRun\command - "" = G:\Autorun.exe
[2011/05/25 11:51:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1345060392-751449997-1691460278-1000UA.job
[2011/05/25 11:48:38 | 000,000,000 | ---- | M] () -- C:\Users\Erika\AppData\Local\Ekocotohun.bin
[2011/05/24 14:54:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1345060392-751449997-1691460278-1000Core.job
[2011/03/29 02:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Erika\AppData\Local\Ekocotohun.bin
[2011/03/29 02:51:31 | 000,000,120 | ---- | C] () -- C:\Users\Erika\AppData\Local\Ckilominopafeb.dat

:files
C:\Users\Erika\AppData\Local\ibewofeh.dll

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again, select the All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run, just skip to the next one, then go back and try the things that wouldn't run after finishing the others.

Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix


Important: If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Important: It must be saved to your desktop; do not run it.

Important: Right-click on the Avast ball, select Avast Shields Control, then Disable Until Computer is Restarted, and answer Yes.

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on Combofix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click the aswMBR.exe and Run as Administrator to run it

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Ron
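
Added example (not part of the thread, and not OTL's own logic): the fix script above removes three things by hand that can be spotted mechanically in any OTL log. The Python below encodes those rules and runs them over lines copied from the fix script plus one constructed benign Run entry for contrast. The scoring rules, the benign sample line and the regexes for OTL's line shapes are my own assumptions; per-SID `HKU` Run keys are not covered.

```python
"""Triage pass over OTL log lines (added example, not OTL's own logic).

Three indicators the expert's :OTL fix above targets by hand:
  1. an O4 Run-key autorun whose payload sits in a user-writable profile
     directory instead of Program Files / Windows;
  2. a Run key that loads a .dll rather than an .exe;
  3. a MountPoints2 AutoRun command, i.e. an autorun.inf hijack that fires
     when a removable drive is opened from Explorer.
The weights/wording and the benign sample line are assumptions for this example.
"""
import re
from typing import Dict, List

# Locations any user process can write to. Vendor software lives under
# Program Files or Windows, so an autorun pointing here deserves a look even
# when it carries a respectable-sounding company string.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\|\\Temp\\",
    re.IGNORECASE,
)

# OTL line shapes handled here (HKLM/HKCU Run keys only).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<vendor>[^()]*)\))?$"
)
O33_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+)$'
)
O2_O3_DLL = re.compile(
    r"^O[23] - .*?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>[A-Za-z]:\\.+?)"
    r"(?: \((?P<vendor>[^()]*)\))?$"
)

# Sample input: three lines copied from the fix script in this thread plus one
# constructed benign HKLM Run entry (the SynTPEnh line) for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [Mrajovapupikep] C:\Users\Erika\AppData\Local\ibewofeh.dll (HighPoint Technologies, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O33 - MountPoints2\{635813af-8760-11de-b964-001f16695604}\Shell\AutoRun\command - "" = G:\Autorun.exe
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
"""


def triage_line(line: str) -> List[str]:
    """Return the reasons a single OTL line looks suspicious (empty = clean)."""
    reasons: List[str] = []
    m = O4_RUN.match(line)
    if m:
        path = m.group("path")
        vendor = (m.group("vendor") or "").strip()
        if USER_WRITABLE.search(path):
            reasons.append("autorun payload lives in a user-writable profile directory")
            if vendor:
                # A company name in the version resource costs nothing to forge.
                reasons.append(f"claims vendor '{vendor}' from outside any vendor install path")
        if path.lower().endswith(".dll"):
            reasons.append("Run key loads a DLL rather than an executable")
        return reasons
    m = O33_AUTORUN.match(line)
    if m:
        reasons.append(f"MountPoints2 AutoRun command on removable drive: {m.group('cmd')}")
        return reasons
    m = O2_O3_DLL.match(line)
    if m and USER_WRITABLE.search(m.group("path")):
        reasons.append("browser helper object / toolbar DLL in a user-writable directory")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Map each suspicious line to its reasons; clean lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

The Conduit BHO passes these rules on purpose: it sits in Program Files with a real signer, and that class of toolbar is handled by the uninstall list above rather than by location heuristics. The randomly named DLL fails all three of the first rules at once, which is what makes it worth deleting by path in the `:files` section.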
#26 cold.wake.up (Topic Starter)
The router is version no. 2.

So is there a way to flash it back to its default firmware? And if so, will that affect my cable modem's functionality?

I will apply the fixes you listed when I can.

I noticed now that Yahoo! and Bing searches have been blocked completely (before, they worked, but the result links would re-direct). The Bing home page doesn't load any images or news; however, the Yahoo! homepage loads fine and can be browsed. The same error page would appear (and it is not an Internet Explorer error page). The tag line at the bottom (on both pages) is "Generated Wed, 25 May 2011 18:44:57 GMT by server8.de (squid/2.6.STABLE21)". I find it odd that a server with a .de appears on both (I am in the U.S., using U.S. editions of the sites). That's probably due to the hacking.

Here are two images:

Edited by cold.wake.up, 25 May 2011 - 12:56 PM.


#27 RKinner (Malware Expert, MVP)
You can see the errors are coming from somewhere else and not your browser. At the bottom it says it comes from server8.de running Squid. You can also see that something is wrong with the URL: it is duplicated, which has to be wrong. It's no wonder it can't go anywhere. It is looking more and more like the router firmware is hosed.

You should be able to go to http://homesupport.c...less/lbc/WRT54G and click on Downloads and get both instructions and the latest firmware download. Make sure you have the exact model (any letters after WRT54G?) and Version number.

I've never seen a cable modem that cared what router you had so I'm puzzled why your cousin says it changed with the new modem. Did the cable company change out the router? Did they flash the firmware?

If it doesn't work after returning to the old code, I suppose you can use the latest DD-WRT code, so it might be good to download it and save it to your PC in case you need it. Sometimes it is possible to back up or download the current firmware from the router to your PC. That would give you a fallback.

Ron
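
Added example (not from the thread or from any tool it mentions): the two observations the expert reads off the screenshots, a Squid footer naming a foreign host and every search engine landing on the same error page, can be turned into checks that point at the router rather than at any one PC. The Python below parses the Squid "Generated ... by <host> (squid/...)" footer quoted in the post above, compares answers from the router-supplied resolver against a resolver you trust, and flags DHCP-handed DNS servers that are neither the router nor on an allow-list. The error-page body around the real footer, the resolver answers (RFC 5737 documentation addresses) and the allow-list are constructed for the example.

```python
"""Upstream-redirect indicators (added example, not from the thread).

  * A Squid error page ends with "Generated <date> by <host> (squid/<ver>)";
    <host> is the box that actually answered, so a host outside your ISP's
    domain (here a .de server for a US user) means traffic is being steered
    through a proxy you did not configure.
  * If the router's resolver returns one address for several unrelated
    search engines, and that address shares nothing with a trusted
    resolver's answers, the resolver (router firmware / DHCP-pushed DNS) is
    the suspect rather than the PCs.
Sample bodies, answers and allow-lists below are constructed.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional, Set

SQUID_FOOTER = re.compile(
    r"Generated\s+(?P<when>.+?)\s+by\s+(?P<host>\S+)\s+\((?P<server>squid/[^)]+)\)"
)

# Constructed error body wrapped around the footer quoted in the post above.
SAMPLE_ERROR_PAGE = """<html><body><h1>ERROR</h1>
<p>The requested URL could not be retrieved</p>
<hr><p>Generated Wed, 25 May 2011 18:44:57 GMT by server8.de (squid/2.6.STABLE21)</p>
</body></html>"""

# Constructed resolver answers using RFC 5737 ranges, not real addresses:
# what the router handed back versus what a resolver you control returned.
LOCAL_ANSWERS: Dict[str, Set[str]] = {
    "www.bing.com": {"203.0.113.7"},
    "search.yahoo.com": {"203.0.113.7"},
    "www.example.com": {"192.0.2.10"},
}
TRUSTED_ANSWERS: Dict[str, Set[str]] = {
    "www.bing.com": {"198.51.100.20", "198.51.100.21"},
    "search.yahoo.com": {"198.51.100.30"},
    "www.example.com": {"192.0.2.10"},
}


def squid_error_origin(body: str) -> Optional[Dict[str, str]]:
    """Pull the generating host, timestamp and Squid version out of an error page."""
    m = SQUID_FOOTER.search(body)
    return m.groupdict() if m else None


def unexpected_proxy(body: str, expected_suffixes: Iterable[str]) -> bool:
    """True when a Squid error page was generated by a host outside the domains
    a proxy may legitimately live in (your ISP's, your own). No footer -> False."""
    info = squid_error_origin(body)
    if info is None:
        return False
    host = info["host"].lower().rstrip(".")
    allowed = [s.lower().rstrip(".") for s in expected_suffixes]
    return not any(host == s or host.endswith("." + s) for s in allowed)


def dns_discrepancies(local: Dict[str, Set[str]], trusted: Dict[str, Set[str]]) -> List[str]:
    """Names whose router-supplied answers share no address with the trusted
    resolver's. CDN-fronted sites legitimately differ between resolvers, so
    treat a hit as a lead and confirm it with shared_sinkhole()."""
    return sorted(n for n in local if n in trusted and local[n].isdisjoint(trusted[n]))


def shared_sinkhole(answers: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Addresses returned for more than one distinct name. Unrelated search
    engines collapsing onto a single IP is the classic redirect signature."""
    by_addr: Dict[str, List[str]] = {}
    for name, addrs in answers.items():
        for a in addrs:
            by_addr.setdefault(a, []).append(name)
    return {a: sorted(ns) for a, ns in by_addr.items() if len(ns) > 1}


def rogue_dns_servers(servers: Iterable[str], lan_cidr: str, allowed: Iterable[str]) -> List[str]:
    """DNS servers (as shown by ipconfig /all) that are neither the router on
    the LAN nor in a caller-supplied allow-list of known public resolvers."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    ok = {ipaddress.ip_address(a) for a in allowed}
    out: List[str] = []
    for s in servers:
        addr = ipaddress.ip_address(s)
        if addr not in lan and addr not in ok:
            out.append(s)
    return out


if __name__ == "__main__":
    print("error page origin:", squid_error_origin(SAMPLE_ERROR_PAGE))
    print("proxy outside isp.example:", unexpected_proxy(SAMPLE_ERROR_PAGE, ["isp.example"]))
    print("names with disjoint answers:", dns_discrepancies(LOCAL_ANSWERS, TRUSTED_ANSWERS))
    print("shared sinkhole addresses:", shared_sinkhole(LOCAL_ANSWERS))
    print("rogue DNS servers:", rogue_dns_servers(["192.168.1.1", "203.0.113.53"], "192.168.1.0/24", ["8.8.8.8"]))
```

Run the resolver comparison from a PC on the LAN (its answers come through the router) and again against a resolver you reach by IP; if only the router-side answers collapse onto one address, reflashing or replacing the router, as was done later in this thread, is the right fix and no amount of per-PC cleaning will hold.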

#28 cold.wake.up (Topic Starter)
I flashed the router back to the latest Linksys firmware for it.

I also changed the router's password again.

I told my cousin what you said about the cable modem and the firmware. My cousin said the changes preceded the installation of the cable modem. He said the firmware changed all of a sudden (I assume around the time the re-directs occurred). Before the re-directs began, we hadn't set another password for the router (it was still 'admin'). As well, its local IP was the typical 192.168.1.x, so we were pretty susceptible to hackers.

I haven't experienced a re-direct since the flashing, but I want to wait a few days before I declare the problem fixed.

Thank you so much for you help thus far, Ron.

#29 cold.wake.up (Topic Starter)
We just installed a new Netgear router. We placed the order for it a few days ago. I secured it and the wireless network with a password. Again, I'll post in a few days if I experience re-directs (in that case, I'd believe the computers were the culprit).

#30 RKinner (Malware Expert, MVP)
Don't forget we need to fix the other computers in the house.

Ron