Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google redirect virus


  • This topic is locked This topic is locked

#1
nerdglasses

nerdglasses

    New Member

  • Member
  • Pip
  • 5 posts
Hello fellow forum friends I want to see if I can get helped removing a virus. When I do a search with google it redirects me to another site when I click on the link provided. I think they call this viruses google redirecting or something of that sort. Sorry if I come across as ignorant regarding computers. I tried norton 360, spyware doctor and webroot antivirus with spysweeper with no avail. I came across your forum and tried doing the google redirect guide and failed. This is my last resort for some help. This is my log and any help is appreciated. Thank you in advance



OTL logfile created on: 8/10/2011 9:12:44 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Gomer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.27% Memory free
15.98 Gb Paging File | 13.66 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.41 Gb Total Space | 721.35 Gb Free Space | 79.32% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 0.97 Gb Free Space | 0.65% Space Free | Partition Type: NTFS

Computer Name: GOMER-PC | User Name: Gomer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gomer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\KWorld MultiMedia\RC Utility\KWRCtl.exe ()
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)


========== Modules (SafeList) ==========

MOD - C:\Users\Gomer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\PC Tools Security\PCTGMhk.dll (PC Tools)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\drivers\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (ssfmonm) -- C:\Windows\SysNative\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys (Symantec Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110810.019\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110810.019\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110810.030\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx64.sys (Symantec Corporation)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d5v165k4501r302
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...d5v165k4501r302
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d5v165k4501r302
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...d5v165k4501r302

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...d5v165k4501r302
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gomer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gomer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/08/09 22:54:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/10 20:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/08 20:12:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/14 20:13:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gomer\AppData\Roaming\IDM\idmmzcc3 [2011/06/24 18:02:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Gomer\AppData\Roaming\IDM\idmmzcc3 [2011/06/24 18:02:59 | 000,000,000 | ---D | M]

[2010/07/31 16:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gomer\AppData\Roaming\Mozilla\Extensions
[2011/07/09 12:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gomer\AppData\Roaming\Mozilla\Firefox\Profiles\zzq8pn5c.default\extensions
[2010/12/22 19:07:52 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Users\Gomer\AppData\Roaming\Mozilla\Firefox\Profiles\zzq8pn5c.default\extensions\[email protected]
[2011/08/08 20:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/01 18:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 15:45:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 22:53:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/19 19:36:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/10 20:53:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN_2010_9_0_6
[2011/08/09 22:54:08 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
() (No name found) -- C:\USERS\GOMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZZQ8PN5C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GOMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZZQ8PN5C.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/10 03:30:21 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts:
O1 - Hosts: 127.0.0.1 activation.nero.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Gomer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files (x86)\KWorld MultiMedia\RC Utility\KWRCtl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 21:06:05 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Gomer\Desktop\OTL.exe
[2011/08/10 20:54:25 | 000,000,000 | ---D | C] -- C:\Users\Gomer\Desktop\GooredFix Backups
[2011/08/10 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Gomer\Desktop\tdsskiller
[2011/08/10 20:49:40 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Gomer\Desktop\GooredFix.exe
[2011/08/10 20:47:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/10 20:45:52 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Gomer\Desktop\OTM.exe
[2011/08/10 20:42:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/10 20:41:58 | 000,000,000 | ---D | C] -- C:\Users\Gomer\Desktop\erunt
[2011/08/09 22:50:35 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Gomer\Desktop\FixTDSS.exe
[2011/08/09 22:29:56 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/08/09 22:29:56 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/08/09 22:29:55 | 000,331,368 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/08/09 22:29:55 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/08/09 22:29:52 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/08/09 22:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/08/09 22:29:47 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/08/09 22:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/08/09 22:29:35 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Roaming\PC Tools
[2011/08/09 22:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/08/09 22:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/08/09 05:45:18 | 000,136,224 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2011/08/09 05:45:18 | 000,056,920 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2011/08/09 05:44:49 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys
[2011/08/09 05:44:49 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys
[2011/08/09 05:44:49 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys
[2011/08/09 05:44:49 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys
[2011/08/09 05:44:49 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys
[2011/08/09 05:44:48 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys
[2011/08/09 05:44:48 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys
[2011/08/09 05:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0403000.005
[2011/08/09 05:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/08/09 05:44:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{61D227D1-25DF-4A97-9428-6C9A27015CDA}
[2011/08/09 05:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/08/09 05:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/08/09 05:43:28 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Local\PackageAware
[2011/08/08 20:07:09 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/08 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/08 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/08 20:06:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/08/08 20:06:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/08/08 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/08/08 20:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/08 20:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/08 20:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/08/08 16:41:52 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/08 16:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/08 16:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/04 21:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2011/08/04 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
[2011/08/04 21:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2011/07/31 14:29:37 | 000,000,000 | ---D | C] -- C:\Users\Gomer\Documents\ArcSoft ToGo
[2011/07/31 14:27:12 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Roaming\KWorld Multimedia
[2011/07/31 14:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KWorld Multimedia
[2011/07/31 14:26:26 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Roaming\ArcSoft
[2011/07/31 14:26:12 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2011/07/31 14:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2011/07/31 14:23:23 | 001,363,456 | ---- | C] (NXP Semiconductors Germany GmbH) -- C:\Windows\SysNative\drivers\3xHybr64.sys
[2011/07/31 14:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KWorld MultiMedia
[2011/07/28 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Roaming\Opera
[2011/07/28 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Gomer\AppData\Local\Opera
[2011/07/28 21:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/07/25 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Gomer\Desktop\Unknown artist
[2011/07/21 23:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011/07/21 23:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/07/20 07:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011/07/19 22:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/07/15 20:45:06 | 000,000,000 | ---D | C] -- C:\Users\Gomer\.android
[2011/07/15 20:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Android
[2011/07/13 01:50:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/15 12:02:51 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

========== Files - Modified Within 30 Days ==========

[2011/08/10 21:06:02 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Gomer\Desktop\OTL.exe
[2011/08/10 21:02:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 21:02:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 20:53:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 20:52:57 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\UAGNECRRTU.job
[2011/08/10 20:52:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/10 20:52:49 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 20:49:51 | 001,388,130 | ---- | M] () -- C:\Users\Gomer\Desktop\tdsskiller.zip
[2011/08/10 20:49:32 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Gomer\Desktop\GooredFix.exe
[2011/08/10 20:45:45 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Gomer\Desktop\OTM.exe
[2011/08/10 20:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-686415181-928281895-723040228-1001UA.job
[2011/08/10 20:26:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/10 17:34:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-686415181-928281895-723040228-1001Core.job
[2011/08/10 03:06:36 | 001,728,646 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/08/10 03:06:10 | 001,728,534 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/10 03:02:43 | 000,746,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 03:02:43 | 000,628,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 03:02:43 | 000,108,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 22:50:35 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Gomer\Desktop\FixTDSS.exe
[2011/08/09 22:29:51 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/09 20:06:32 | 2852,366,336 | ---- | M] () -- C:\Users\Gomer\Desktop\Show de Estrella.mpg
[2011/08/09 05:43:24 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/08/08 21:25:23 | 000,058,367 | ---- | M] () -- C:\Users\Gomer\Desktop\Reservation Confirmation.htm
[2011/08/08 20:07:09 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/08 20:07:09 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/08 20:07:09 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/08 17:12:16 | 000,071,361 | ---- | M] () -- C:\Users\Gomer\Desktop\bookmarks.html
[2011/08/08 17:12:09 | 000,030,873 | ---- | M] () -- C:\Users\Gomer\Desktop\bookmarks-2011-08-08.json
[2011/08/08 16:41:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/08 16:37:12 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/07 22:13:30 | 000,065,024 | RHS- | M] () -- C:\Windows\SysWow64\dxdiagnc.dll
[2011/08/06 00:39:59 | 699,362,060 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/04 21:58:11 | 000,002,015 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
[2011/08/04 21:46:30 | 000,097,054 | ---- | M] () -- C:\Users\Gomer\Desktop\www.nevadadirectinsurance.com.mht
[2011/08/01 16:27:20 | 000,054,848 | ---- | M] () -- C:\Users\Gomer\Desktop\My Channels.chl
[2011/07/31 14:26:35 | 000,001,138 | ---- | M] () -- C:\Users\Gomer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
[2011/07/22 21:50:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/12 21:54:01 | 004,911,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/08/10 20:49:46 | 001,388,130 | ---- | C] () -- C:\Users\Gomer\Desktop\tdsskiller.zip
[2011/08/09 22:29:57 | 001,728,534 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/08/09 22:29:51 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/08/09 19:06:30 | 2852,366,336 | ---- | C] () -- C:\Users\Gomer\Desktop\Show de Estrella.mpg
[2011/08/09 16:57:43 | 001,728,646 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/08/09 05:45:18 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/08/09 05:45:18 | 000,019,576 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2011/08/09 05:44:49 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.cat
[2011/08/09 05:44:49 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv64.cat
[2011/08/09 05:44:49 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.cat
[2011/08/09 05:44:49 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.cat
[2011/08/09 05:44:49 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet64.cat
[2011/08/09 05:44:49 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa.inf
[2011/08/09 05:44:49 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds.inf
[2011/08/09 05:44:49 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv.inf
[2011/08/09 05:44:49 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet.inf
[2011/08/09 05:44:49 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.inf
[2011/08/09 05:44:49 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.inf
[2011/08/09 05:44:48 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.cat
[2011/08/09 05:44:48 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.cat
[2011/08/09 05:44:48 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.cat
[2011/08/09 05:44:48 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.inf
[2011/08/09 05:44:48 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.inf
[2011/08/09 05:44:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\isolate.ini
[2011/08/09 05:43:24 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/08/08 21:25:22 | 000,058,367 | ---- | C] () -- C:\Users\Gomer\Desktop\Reservation Confirmation.htm
[2011/08/08 20:12:18 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/08 20:07:09 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/08 20:07:09 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/08 17:12:16 | 000,071,361 | ---- | C] () -- C:\Users\Gomer\Desktop\bookmarks.html
[2011/08/08 17:12:09 | 000,030,873 | ---- | C] () -- C:\Users\Gomer\Desktop\bookmarks-2011-08-08.json
[2011/08/08 16:41:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/07 22:13:31 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/07 22:13:30 | 000,065,024 | RHS- | C] () -- C:\Windows\SysWow64\dxdiagnc.dll
[2011/08/07 22:13:30 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\UAGNECRRTU.job
[2011/08/04 21:58:11 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
[2011/08/04 21:46:30 | 000,097,054 | ---- | C] () -- C:\Users\Gomer\Desktop\www.nevadadirectinsurance.com.mht
[2011/08/01 16:27:20 | 000,054,848 | ---- | C] () -- C:\Users\Gomer\Desktop\My Channels.chl
[2011/07/31 14:26:35 | 000,001,138 | ---- | C] () -- C:\Users\Gomer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
[2011/07/31 14:23:58 | 000,476,672 | ---- | C] () -- C:\Windows\nxpunist.exe
[2011/07/31 14:23:58 | 000,002,608 | ---- | C] () -- C:\Windows\TVNXPDrv.ini
[2011/07/31 14:23:58 | 000,001,605 | ---- | C] () -- C:\Windows\English.lng
[2011/07/28 21:55:06 | 000,001,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/07/13 01:49:53 | 699,362,060 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/29 11:34:10 | 000,004,608 | ---- | C] () -- C:\Users\Gomer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/15 12:02:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/15 12:02:50 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/15 12:02:50 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/15 12:02:50 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/30 20:41:25 | 000,749,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/29 00:05:37 | 000,000,600 | ---- | C] () -- C:\Users\Gomer\AppData\Roaming\winscp.rnd
[2010/10/09 19:28:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/08/08 13:54:03 | 000,000,000 | ---- | C] () -- C:\Users\Gomer\AppData\Roaming\wklnhst.dat
[2010/08/03 17:50:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/31 16:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/12 22:10:22 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Audacity
[2011/05/20 18:34:29 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Coby
[2011/08/10 20:41:34 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\DMCache
[2011/06/26 14:49:47 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\DVDFab
[2011/06/26 11:56:56 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\HandBrake
[2011/08/04 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\IDM
[2011/05/03 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\IrfanView
[2011/07/31 14:27:19 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\KWorld Multimedia
[2010/08/17 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Mp3tag
[2010/07/31 14:52:25 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\OEM
[2011/07/28 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Opera
[2010/08/02 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Packard Bell
[2011/05/25 21:11:15 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\SoftGrid Client
[2010/08/08 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Template
[2011/02/24 23:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Thinstall
[2011/01/06 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Tific
[2011/03/30 20:42:12 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\TP
[2011/02/26 13:50:17 | 000,000,000 | ---D | M] -- C:\Users\Gomer\AppData\Roaming\Xilisoft
[2011/08/09 16:58:11 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/10 20:52:57 | 000,000,304 | -HS- | M] () -- C:\Windows\Tasks\UAGNECRRTU.job
[2011/08/08 16:37:12 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6971CCC5

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello nerdglasses and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found
    O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
    O30 - LSA: Authentication Packages - (ows\w) - File not found
    O30:64bit: - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30:64bit: - LSA: Security Packages - (ᘀ堀㄀) - File not found
    O30 - LSA: Security Packages - (椀渀搀漀眀猀) - File not found
    O30 - LSA: Security Packages - (ᘀ堀㄀) - File not found
    [2011/08/10 20:52:57 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\UAGNECRRTU.job
    [2011/08/07 22:13:30 | 000,065,024 | RHS- | M] () -- C:\Windows\SysWow64\dxdiagnc.dll
    [2011/08/09 05:45:18 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2011/08/09 05:45:18 | 000,019,576 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
    [2011/07/31 14:23:58 | 000,476,672 | ---- | C] () -- C:\Windows\nxpunist.exe

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
nerdglasses

nerdglasses

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you maliprog for taking the time to help me. This is the log file for the otl



========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8DDYX0ZBPZ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\w deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:椀渀搀漀眀猀 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:ᘀ堀㄀ deleted successfully.
C:\Windows\Tasks\UAGNECRRTU.job moved successfully.
C:\Windows\SysWOW64\dxdiagnc.dll moved successfully.
File move failed. C:\Windows\SysWOW64\wrLZMA.dll scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SsiEfr.exe scheduled to be moved on reboot.
C:\Windows\nxpunist.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Gomer-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 70-F1-A1-7D-A5-6B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 44-87-FC-9C-3B-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2406:503c:23b9:25f4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 11, 2011 2:05:53 PM
Lease Expires . . . . . . . . . . : Friday, August 12, 2011 2:05:53 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 189040636
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-75-6D-75-44-87-FC-9C-3B-C5
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E7565415-8460-42A1-AD9A-96ACFFA58AF2}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{28151D4B-DB5E-4695-9B89-8D41A9D6B07B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2075:1178:3f57:fef7(Preferred)
Link-local IPv6 Address . . . . . : fe80::2075:1178:3f57:fef7%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.73.105
74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103
74.125.73.104
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=56ms TTL=53
Reply from 74.125.73.104: bytes=32 time=64ms TTL=53
Ping statistics for 74.125.73.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 64ms, Average = 60ms
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=36ms TTL=56
Reply from 98.137.149.56: bytes=32 time=40ms TTL=56
Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 40ms, Average = 38ms
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
12...70 f1 a1 7d a5 6b ......802.11n Wireless LAN Card
10...44 87 fc 9c 3b c5 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.8 276
192.168.1.8 255.255.255.255 On-link 192.168.1.8 276
192.168.1.255 255.255.255.255 On-link 192.168.1.8 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.8 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.8 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:2075:1178:3f57:fef7/128
On-link
10 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2075:1178:3f57:fef7/128
On-link
10 276 fe80::2406:503c:23b9:25f4/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Gomer\Desktop\cmd.bat deleted successfully.
C:\Users\Gomer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08112011_142613

Files\Folders moved on Reboot...
C:\Windows\SysWOW64\wrLZMA.dll moved successfully.
C:\Windows\SysNative\SsiEfr.exe moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
nerdglasses

nerdglasses

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Just wanted to let you know I tried doing the scan with the aswMBR program at least 3 times before i was able to actually do it successfully. The first 3 times I tried doing it half way into the process my screen turned blue and it rebooted. This is the log file for the aswMBR I got


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-11 15:05:57
-----------------------------
15:05:57.686 OS Version: Windows x64 6.1.7601 Service Pack 1
15:05:57.686 Number of processors: 4 586 0x2502
15:05:57.687 ComputerName: GOMER-PC UserName: Gomer
15:05:58.962 Initialize success
15:06:12.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:06:12.911 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
15:06:12.915 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:06:12.918 Disk 1 Vendor: WDC_WD16 12.0 Size: 152626MB BusType: 3
15:06:12.953 Disk 0 MBR read successfully
15:06:12.956 Disk 0 MBR scan
15:06:12.958 Disk 0 Windows 7 default MBR code
15:06:12.960 Service scanning
15:06:29.926 Modules scanning
15:06:29.930 Disk 0 trace - called modules:
15:06:30.096 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys iaStor.sys hal.dll
15:06:30.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e70790]
15:06:30.105 3 CLASSPNP.SYS[fffff88001f6343f] -> nt!IofCallDriver -> [0xfffffa8007cb0cf0]
15:06:30.109 5 PCTCore64.sys[fffff880015a5094] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007af0050]
15:06:30.183 Scan finished successfully
15:07:02.523 Disk 0 MBR has been saved successfully to "C:\Users\Gomer\Desktop\MBR.dat"
15:07:02.533 The log file has been saved successfully to "C:\Users\Gomer\Desktop\aswMBR.txt"
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi nerdglasses,

Before we continue can you tell me how is your system now. Do you still get redirected?
  • 0

#6
nerdglasses

nerdglasses

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hello maliprog,

I'm not get redirected anymore. I tried it with all the 4 browsers I have installed and they all seem to be working fine. Do I have to do anything else?
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi nerdglasses,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#8
nerdglasses

nerdglasses

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you a lot for the help. I did everything you told me and it seems everything is running smooth
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP