Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus

Started by Ape_Ocalypse , Sep 11 2011 02:28 PM

  • This topic is locked This topic is locked

#1
Ape_Ocalypse
Posted 11 September 2011 - 02:28 PM

Ape_Ocalypse

    New Member

  • Member
  • Pip
  • 6 posts
As the thread title indicates, my computer appears to have been infected with a redirect virus of some sort. When I perform a search, clicking on a result often redirects me to an unrelated site. I apologize for being unable to provide much information beyond that as far as the nature of the virus is concerned; I am simply not very knowledgeable in these matters and have not noticed anything else unusual since the problem began. Feel free to disregard the rest of this post if it proves to be irrelevant, but here is my haphazard attempt at explaining the backstory of the problem:

I have had this computer for a little less than a year, and up until a few months ago, got by without incident using Microsoft Security Essentials. Before I began experiencing problems with search redirection, I remember MSE notifying me that updates were available. For some reason, however, I was unable to successfully download them, and after several failed attempts to resolve this issue, I ended up ignoring the problem and going on about my business (my first of many mistakes, undoubtedly). A couple months later, the problem with search redirection began. At this time I switched to Avast!, though I am pretty sure something went wrong when I uninstalled MSE, because to this day, when I reboot my computer, I sometimes get error messages concerning MSE. Little boxes that pop up, too, such as: "settings.rtf not found". I run full system scans with Avast! pretty regularly, and it identifies problems fairly often. Unfortunately, I have been unable to rid myself of the redirect virus, and I would not be surprised if the sites that it takes me to are responsible for the suspicious activity that these scans continually recognize.

I feel like that pretty much sums up the pertinent information I can offer, but do feel free to ask me anything else about the problem, and I will do my best to answer. Thanks in advance to anyone who responds. I apologize again for my inability to provide much beyond that, and for probably making the issue more difficult to resolve by not seeking help sooner. I have attached the results of the OTL scan I just ran for the convenience of whomever happens to view this thread.

OTL logfile created on: 9/11/2011 10:52:00 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\micro\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 66.97% Memory free
4.72 Gb Paging File | 3.84 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 121.42 Gb Free Space | 52.14% Space Free | Partition Type: NTFS

Computer Name: ANDREW | User Name: micro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/11 10:50:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\micro\My Documents\Downloads\OTL.exe
PRC - [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/01 17:05:14 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2011/02/26 19:08:29 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/02/15 14:34:39 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/05 16:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
PRC - [2003/11/25 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/11 01:20:37 | 001,560,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091100\algo.dll
MOD - [2011/09/10 16:02:05 | 000,091,648 | -H-- | M] () -- C:\Documents and Settings\micro\Local Settings\Temp\~3E.tmp
MOD - [2011/09/10 13:29:15 | 014,407,976 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011/09/10 13:29:12 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011/09/10 13:29:12 | 000,190,248 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011/09/10 13:29:12 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011/09/10 13:29:12 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011/09/10 11:48:23 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091100\aswRep.dll
MOD - [2011/09/10 03:50:55 | 001,560,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091001\algo.dll
MOD - [2011/09/10 03:16:54 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091001\aswRep.dll
MOD - [2011/09/06 19:34:33 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 11:18:40 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
MOD - [2011/08/16 11:05:15 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/12/12 19:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 19:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2004/06/05 16:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/15 12:58:12 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


========== Driver Services (SafeList) ==========

DRV - [2011/09/10 15:37:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKslc6e86ea3.sys -- (MpKslc6e86ea3)
DRV - [2011/09/10 15:25:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKsl5cbeaf35.sys -- (MpKsl5cbeaf35)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/12 14:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/26 20:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/11/17 16:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/28 09:26:03 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/05 16:32:02 | 000,644,096 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/10/06 16:11:04 | 000,025,312 | ---- | M] (Linksys) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB10T2B.sys -- (USB10T2B)
DRV - [2008/07/31 23:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/06/04 13:12:10 | 000,379,488 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/05/20 10:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/05/20 10:46:38 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 08:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 19:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 22:34:10 | 000,000,000 | ---D | M]

[2010/12/11 19:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\micro\Application Data\Mozilla\Extensions
[2011/08/16 11:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions
[2011/07/28 00:28:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{3ff8cd7f-d432-4f17-971c-02781620036e}
[2011/08/16 11:03:23 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/07 22:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/11 19:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/11 19:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/10 08:35:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/12/11 19:51:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/06 19:34:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 22:34:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271900086765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1271902006781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6624F47C-F1A2-4DD2-A57D-4759773CD7EA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA85781E-3BFB-4C69-8FA1-CC3C7717CC2F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC0D14A1-3C09-4534-B9FF-EC8C66B5C22C}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\micro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\micro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/21 18:24:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell - "" = AutoRun
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 10:43:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\micro\Recent
[2011/09/11 10:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/11 10:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/09/11 10:10:55 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/11 10:10:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/10 17:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/10 15:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Local Settings\Application Data\My Games
[2011/09/10 11:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/09/10 11:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Application Data\SystemRequirementsLab
[2011/08/31 19:00:26 | 000,000,000 | ---D | C] -- C:\a5b73b10f2bbfc79eed9c613ce9c
[2011/08/16 09:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Start Menu\Programs\Catan GmbH
[2011/08/16 09:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Application Data\COW
[2011/08/16 09:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Catan GmbH
[1998/12/08 19:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 19:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 19:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 19:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 19:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 19:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 10:24:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/11 10:24:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 10:15:07 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2011/09/11 10:12:37 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/11 10:12:37 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/10 16:23:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/10 15:42:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/10 15:38:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/10 15:36:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/10 15:36:53 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/10 11:12:18 | 000,003,806 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zinput.cfg
[2011/09/10 11:12:17 | 000,020,680 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zsnesw.cfg
[2011/09/10 11:10:33 | 000,002,480 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zmovie.cfg
[2011/09/10 08:35:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/06 13:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 13:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 13:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/03 14:20:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 10:15:07 | 000,000,562 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2011/07/16 16:54:15 | 000,016,982 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/07/04 22:16:48 | 000,005,406 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/07/04 17:44:38 | 000,160,218 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2011/07/04 17:25:03 | 000,000,528 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/12/22 13:11:45 | 000,021,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/12 18:30:38 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/12/12 13:03:25 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/12/12 13:03:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/12/12 11:48:07 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\micro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 19:39:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/11 19:19:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010/12/11 19:15:31 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2010/12/11 19:14:20 | 000,002,637 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/12/11 19:13:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/12/11 18:57:16 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2010/04/21 19:37:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/21 19:36:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/04/21 19:36:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/21 19:36:04 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/21 19:36:04 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/21 18:37:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/21 18:33:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/21 18:33:07 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/04/21 18:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/04/21 18:26:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/21 18:21:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/21 11:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/21 11:15:23 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/08/11 12:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/11 10:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/07/07 17:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/05/16 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/11 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/07 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/22 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/16 09:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\COW
[2011/07/07 17:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\id Software
[2011/03/13 22:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\LolClient
[2011/08/06 13:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\MusE
[2011/05/16 15:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\NCH Swift Sound
[2011/07/19 15:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\PriceGong
[2011/09/10 11:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\SystemRequirementsLab
[2011/09/11 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\uTorrent
[2011/05/16 15:31:58 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\expressSevenDays.job
[2011/05/19 15:31:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job
[2011/09/10 15:42:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/22 17:20:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job

========== Purity Check ==========



< End of report >

Attached Files


  • 0

Advertisements

#2
Render
Posted 15 September 2011 - 04:43 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Do you use a router and are any other computers using it experiencing the same redirects?

Are redirects apparent in IE, Firefox or both?

Please uninstall following programs (if present):

  • Conduit Engine (any program with word Conduit in name)
  • Microsoft Security Essentials


How to unistall program in Windows XP:

  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista, 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 2

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
PRC - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
MOD - [2011/09/10 16:02:05 | 000,091,648 | -H-- | M] () -- C:\Documents and Settings\micro\Local Settings\Temp\~3E.tmp
SRV - [2010/03/25 22:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
DRV - [2011/09/10 15:37:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKslc6e86ea3.sys -- (MpKslc6e86ea3)
DRV - [2011/09/10 15:25:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKsl5cbeaf35.sys -- (MpKsl5cbeaf35)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
[2011/07/28 00:28:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{3ff8cd7f-d432-4f17-971c-02781620036e}
[2011/08/16 11:03:23 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/12/11 19:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/11 19:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell - "" = AutoRun
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[2011/08/31 19:00:26 | 000,000,000 | ---D | C] -- C:\a5b73b10f2bbfc79eed9c613ce9c
  	
:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 4

Please delte your copy of OTL.exe located here: C:\Documents and Settings\micro\My Documents\Downloads\OTL.exe

Posted Image OTL Custom Scan

  • Download OTL to your Desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • GooredFix log
  • OTL fix log
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#3
Ape_Ocalypse
Posted 15 September 2011 - 07:08 PM

Ape_Ocalypse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your reply! As for your questions: My computer is the only one with the problem and I only use firefox, so I don't know if redirects would affect internet explorer as well. Here are all the results you requested:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:25 on 15/09/2011 (micro)
Firefox version 6.0.2 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{3ff8cd7f-d432-4f17-971c-02781620036e}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:51 12/12/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [02:51 12/12/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [02:51 12/12/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [02:51 12/12/2010]

C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [18:03 16/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:51 12/12/2010]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19:43 11/08/2011]

-=E.O.F=-

All processes killed
========== OTL ==========
No active process named MsMpEng.exe was found!
Service MsMpSvc stopped successfully!
Service MsMpSvc deleted successfully!
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe moved successfully.
Error: No service named MpKslc6e86ea3 was found to stop!
Service\Driver key MpKslc6e86ea3 not found.
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKslc6e86ea3.sys not found.
Service MpKsl5cbeaf35 stopped successfully!
Service MpKsl5cbeaf35 deleted successfully!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3914A04-257C-40DE-88F9-887BAA1AEE2B}\MpKsl5cbeaf35.sys not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\tbuTor.dll moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Folder C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{3ff8cd7f-d432-4f17-971c-02781620036e}\ not found.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSSE deleted successfully.
c:\Program Files\Microsoft Security Essentials\msseces.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{936f2dfa-059d-11e0-ba1e-001d7dd83c8c}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
C:\a5b73b10f2bbfc79eed9c613ce9c folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\micro\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\micro\My Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: micro
->Temp folder emptied: 4717643 bytes
->Temporary Internet Files folder emptied: 6700906 bytes
->Java cache emptied: 14024937 bytes
->FireFox cache emptied: 48990893 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 578 bytes

User: NetworkService
->Temp folder emptied: 728182 bytes
->Temporary Internet Files folder emptied: 124683981 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 283071 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94778159 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 284.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: micro
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.28.0 log created on 09152011_173001

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-15 17:36:00
-----------------------------
17:36:00.093 OS Version: Windows 5.1.2600 Service Pack 3
17:36:00.093 Number of processors: 2 586 0x4302
17:36:00.093 ComputerName: ANDREW UserName: micro
17:36:00.921 Initialize success
17:36:01.031 AVAST engine defs: 11091501
17:36:12.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
17:36:12.015 Disk 0 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238474MB BusType: 3
17:36:14.031 Disk 0 MBR read successfully
17:36:14.031 Disk 0 MBR scan
17:36:14.031 Disk 0 unknown MBR code
17:36:14.031 Disk 0 scanning sectors +488392065
17:36:14.093 Disk 0 scanning C:\WINDOWS\system32\drivers
17:36:18.078 Service scanning
17:36:19.234 Modules scanning
17:36:22.796 Disk 0 trace - called modules:
17:36:22.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:36:22.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b071ab8]
17:36:22.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b0749e8]
17:36:22.828 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8b072d98]
17:36:23.234 AVAST engine scan C:\WINDOWS
17:36:26.265 AVAST engine scan C:\WINDOWS\system32
17:37:19.781 AVAST engine scan C:\WINDOWS\system32\drivers
17:37:28.500 AVAST engine scan C:\Documents and Settings\micro
17:38:02.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\micro\Desktop\MBR.dat"
17:38:02.109 The log file has been saved successfully to "C:\Documents and Settings\micro\Desktop\aswMBR.txt"


OTL logfile created on: 9/15/2011 5:48:43 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\micro\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 77.90% Memory free
4.72 Gb Paging File | 4.29 Gb Available in Paging File | 90.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 119.61 Gb Free Space | 51.36% Space Free | Partition Type: NTFS

Computer Name: ANDREW | User Name: micro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 17:42:21 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\micro\My Documents\Downloads\OTL.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/26 19:08:29 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/02/15 14:34:39 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/05 16:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
PRC - [2003/11/25 04:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/15 13:54:13 | 001,567,232 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091501\algo.dll
MOD - [2011/09/15 10:02:22 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091501\aswRep.dll
MOD - [2011/09/15 02:34:41 | 001,563,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091500\algo.dll
MOD - [2011/09/14 14:31:20 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091500\aswRep.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/12/12 19:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 19:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2004/06/05 16:10:08 | 001,056,864 | ---- | M] () -- C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/05/15 12:58:12 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


========== Driver Services (SafeList) ==========

DRV - [2011/09/14 19:30:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CDEE94-0CFF-419C-924E-22AD9B0728C9}\MpKslc4493310.sys -- (MpKslc4493310)
DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/12 14:41:22 | 005,867,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/01/26 20:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/11/17 16:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 16:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/28 09:26:03 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/05 16:32:02 | 000,644,096 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/10/06 16:11:04 | 000,025,312 | ---- | M] (Linksys) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB10T2B.sys -- (USB10T2B)
DRV - [2008/07/31 23:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/06/04 13:12:10 | 000,379,488 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/05/20 10:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/05/20 10:46:38 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]

IE - HKU\S-1-5-21-842925246-1677128483-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-842925246-1677128483-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 85 07 19 1F 79 09 F2 4C A0 06 08 8A 3C 18 D7 6B [binary data]
IE - HKU\S-1-5-21-842925246-1677128483-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-1677128483-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 08:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 19:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 22:34:10 | 000,000,000 | ---D | M]

[2010/12/11 19:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\micro\Application Data\Mozilla\Extensions
[2011/09/15 17:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\micro\Application Data\Mozilla\Firefox\Profiles\8lvpcw4h.default\extensions
[2011/09/15 17:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/10 08:35:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/12/11 19:51:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/06 19:34:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 22:34:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/15 17:30:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-842925246-1677128483-1801674531-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1677128483-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271900086765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1271902006781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6624F47C-F1A2-4DD2-A57D-4759773CD7EA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA85781E-3BFB-4C69-8FA1-CC3C7717CC2F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC0D14A1-3C09-4534-B9FF-EC8C66B5C22C}: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\micro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\micro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/21 18:24:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 17:30:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/15 17:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Desktop\GooredFix Backups
[2011/09/14 20:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\micro\Recent
[2011/09/11 13:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Local Settings\Application Data\Tific
[2011/09/11 13:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Application Data\Tific
[2011/09/11 13:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/09/11 13:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/09/11 10:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/09/11 10:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/09/11 10:10:55 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/09/11 10:10:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/09/10 15:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Local Settings\Application Data\My Games
[2011/09/10 15:15:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/09/10 15:15:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/09/10 15:15:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/09/10 15:15:40 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/09/10 15:15:40 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/09/10 15:15:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/09/10 15:15:38 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/09/10 15:15:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2011/09/10 15:15:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2011/09/10 15:15:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2011/09/10 15:15:36 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2011/09/10 15:15:36 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2011/09/10 15:15:35 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2011/09/10 15:15:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2011/09/10 15:15:34 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/09/10 15:15:34 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2011/09/10 15:15:34 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2011/09/10 15:15:33 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2011/09/10 15:15:33 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2011/09/10 15:15:32 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2011/09/10 15:15:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2011/09/10 15:15:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2011/09/10 15:15:28 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2011/09/10 15:15:28 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2011/09/10 15:15:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2011/09/10 15:15:27 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2011/09/10 15:15:26 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2011/09/10 15:15:26 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2011/09/10 15:15:25 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2011/09/10 15:15:24 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2011/09/10 15:15:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2011/09/10 15:15:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2011/09/10 15:15:22 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2011/09/10 15:15:22 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2011/09/10 15:15:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2011/09/10 15:15:21 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2011/09/10 15:15:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2011/09/10 15:15:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2011/09/10 15:15:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2011/09/10 15:15:18 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2011/09/10 15:15:17 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2011/09/10 15:15:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2011/09/10 15:15:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2011/09/10 15:15:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2011/09/10 15:15:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2011/09/10 15:15:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/09/10 15:15:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2011/09/10 15:15:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2011/09/10 15:15:13 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2011/09/10 15:15:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2011/09/10 15:15:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2011/09/10 15:15:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2011/09/10 15:15:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2011/09/10 15:15:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2011/09/10 15:15:09 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/09/10 15:15:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2011/09/10 15:15:08 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/09/10 15:15:08 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2011/09/10 15:15:08 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2011/09/10 15:15:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2011/09/10 15:15:07 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2011/09/10 15:15:06 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2011/09/10 15:15:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2011/09/10 15:15:05 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2011/09/10 15:15:05 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2011/09/10 15:15:04 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2011/09/10 15:15:04 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2011/09/10 15:15:03 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2011/09/10 15:15:03 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2011/09/10 15:15:03 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2011/09/10 15:15:02 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2011/09/10 15:15:01 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/10 15:15:01 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/10 15:15:00 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2011/09/10 11:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/09/10 11:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\micro\Application Data\SystemRequirementsLab
[1998/12/08 19:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 19:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 19:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 19:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 19:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 19:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/09/15 17:38:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\MBR.dat
[2011/09/15 17:32:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/15 17:32:15 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/15 17:31:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/15 17:31:45 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/15 17:30:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/15 17:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/14 19:35:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/11 14:15:27 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\Sid Meier's Civilization III Complete.url
[2011/09/11 10:12:37 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/11 10:12:37 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/10 16:23:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/10 11:12:18 | 000,003,806 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zinput.cfg
[2011/09/10 11:12:17 | 000,020,680 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zsnesw.cfg
[2011/09/10 11:10:33 | 000,002,480 | ---- | M] () -- C:\Documents and Settings\micro\Desktop\zmovie.cfg
[2011/09/10 08:35:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 13:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 13:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 13:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/03 14:20:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/09/15 17:38:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\micro\Desktop\MBR.dat
[2011/09/11 14:15:27 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\micro\Desktop\Sid Meier's Civilization III Complete.url
[2011/07/16 16:54:15 | 000,016,982 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/07/04 22:16:48 | 000,005,406 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2011/07/04 17:44:38 | 000,160,218 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2011/07/04 17:25:03 | 000,000,528 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/12/22 13:11:45 | 000,021,184 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/12 18:30:38 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/12/12 13:03:25 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/12/12 13:03:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/12/12 11:48:07 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\micro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 19:39:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/11 19:19:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2010/12/11 19:15:31 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2010/12/11 19:14:20 | 000,002,637 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/12/11 19:13:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/12/11 18:57:16 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2010/04/21 19:37:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/21 19:36:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/04/21 19:36:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/21 19:36:04 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/21 19:36:04 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/21 18:37:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/21 18:33:07 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/21 18:33:07 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/04/21 18:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/04/21 18:26:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/21 18:21:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/21 11:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/21 11:15:23 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/08/11 12:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/11 10:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/07/07 17:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/05/16 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/11 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/07 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/22 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/16 09:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\COW
[2011/07/07 17:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\id Software
[2011/03/13 22:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\LolClient
[2011/08/06 13:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\MusE
[2011/05/16 15:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\NCH Swift Sound
[2011/07/19 15:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\PriceGong
[2011/09/10 11:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\SystemRequirementsLab
[2011/09/11 13:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\Tific
[2011/09/15 17:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\micro\Application Data\uTorrent
[2011/05/16 15:31:58 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\expressSevenDays.job
[2011/05/19 15:31:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job
[2011/09/14 19:35:46 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/22 17:20:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/06 19:34:31 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/06 19:34:35 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 05:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 9/15/2011 5:48:43 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\micro\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 77.90% Memory free
4.72 Gb Paging File | 4.29 Gb Available in Paging File | 90.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 119.61 Gb Free Space | 51.36% Space Free | Partition Type: NTFS

Computer Name: ANDREW | User Name: micro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-842925246-1677128483-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58975:TCP" = 58975:TCP:*:Enabled:Pando Media Booster
"58975:UDP" = 58975:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"58975:TCP" = 58975:TCP:*:Enabled:Pando Media Booster
"58975:UDP" = 58975:UDP:*:Enabled:Pando Media Booster
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"6980:TCP" = 6980:TCP:*:Enabled:League of Legends Launcher
"6980:UDP" = 6980:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe" = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe:*:Enabled:NETGEAR WG111 Smart Wizard -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft Security Essentials\msseces.exe" = C:\Program Files\Microsoft Security Essentials\msseces.exe:*:Enabled:Microsoft Security Essentials
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = C:\Program Files\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf Demo -- ()
"C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEAR.exe" = C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEAR.exe:*:Enabled:F.E.A.R. -- (Monolith Productions, Inc.)
"C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEARXP\FEARXP.exe" = C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEARXP\FEARXP.exe:*:Enabled:F.E.A.R.: Extraction Point -- (Monolith Productions, Inc.)
"C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEARXP2\FEARXP2.exe" = C:\Program Files\Steam\steamapps\common\fear ultimate shooter edition\FEARXP2\FEARXP2.exe:*:Enabled:F.E.A.R.: Perseus Mandate -- (TimeGate Studios, Inc.)
"C:\Program Files\Steam\steamapps\common\ava\REACTOR.exe" = C:\Program Files\Steam\steamapps\common\ava\REACTOR.exe:*:Enabled:Alliance of Valiant Arms -- (NHN Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iii complete\Conquests\Civ3Conquests.exe" = C:\Program Files\Steam\steamapps\common\sid meier's civilization iii complete\Conquests\Civ3Conquests.exe:*:Enabled:Sid Meier's Civilization III: Complete -- (© 2001-2004 Atari Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{21B9CC18-8AB7-402F-B343-CD2127FC3CFC}" = NETGEAR WG111 Software
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56EC96C1-1FC1-4188-9A96-8142A2EE694F}" = Pure Networks Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Catan Online Welt" = Catan Online World
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"EPSON Printer and Utilities" = EPSON Printer Software
"Express" = Express Dictate
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Halo CE" = Microsoft Halo Custom Edition
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"ie8" = Windows Internet Explorer 8
"Linksys Wireless Manager" = Linksys Wireless Manager
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"LucasArts' TIE Fighter" = LucasArts' TIE Fighter
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuseScore" = MuseScore 1.1 MuseScore score typesetter
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Scribe" = Express Scribe
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 12910" = Audiosurf Demo
"Steam App 21090" = F.E.A.R.
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"Steam App 8930" = Sid Meier's Civilization V
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-1677128483-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2011 4:20:36 PM | Computer Name = ANDREW | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 2.1.6805.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/10/2011 10:00:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/11/2011 1:11:20 PM | Computer Name = ANDREW | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2278, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/11/2011 1:23:17 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 1:23:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 1:23:21 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 10:00:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/12/2011 10:00:19 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/13/2011 10:00:18 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/14/2011 10:00:19 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

[ Application Events ]
Error - 9/10/2011 4:20:36 PM | Computer Name = ANDREW | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 2.1.6805.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/10/2011 10:00:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/11/2011 1:11:20 PM | Computer Name = ANDREW | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 2278, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/11/2011 1:23:17 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 1:23:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 1:23:21 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11313
Description = Product: Driver Detective -- Error 1313.The volume D:\ is currently
unavailable. Please select another.

Error - 9/11/2011 10:00:20 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/12/2011 10:00:19 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/13/2011 10:00:18 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 9/14/2011 10:00:19 PM | Computer Name = ANDREW | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

[ System Events ]
Error - 9/14/2011 2:46:54 PM | Computer Name = ANDREW | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.11 on
the Network Card with network address 000FB59073B8.

Error - 9/14/2011 10:01:05 PM | Computer Name = ANDREW | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2512827).

Error - 9/15/2011 8:30:01 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/15/2011 8:30:01 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 9/15/2011 8:30:02 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/15/2011 8:30:02 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/15/2011 8:30:02 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/15/2011 8:30:02 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/15/2011 8:30:02 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/15/2011 8:30:18 PM | Computer Name = ANDREW | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: %%1058


< End of report >
  • 0

#4
Render
Posted 16 September 2011 - 06:56 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are the redirects still evident?

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
DRV - [2011/09/14 19:30:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CDEE94-0CFF-419C-924E-22AD9B0728C9}\MpKslc4493310.sys -- (MpKslc4493310)
  	
:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Ape_Ocalypse
Posted 16 September 2011 - 12:18 PM

Ape_Ocalypse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
No, I haven't been redirected since completing the steps you gave me earlier. Should I proceed with the OTL Fix?
  • 0

#6
Render
Posted 16 September 2011 - 12:37 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Should I proceed with the OTL Fix?

Yes please.

Then proceed with this:

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • VRT scan report
  • Attached analysis zip file

  • 0

#7
Ape_Ocalypse
Posted 16 September 2011 - 06:47 PM

Ape_Ocalypse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All processes killed
========== OTL ==========
Error: Unable to stop service MpKslc4493310!
Service\Driver key MpKslc4493310 not found.
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{24CDEE94-0CFF-419C-924E-22AD9B0728C9}\MpKslc4493310.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\micro\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\micro\My Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: micro
->Temp folder emptied: 2447818 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38087176 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10383 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: micro
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.28.0 log created on 09162011_125510

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Status: Deleted (events: 4)
9/16/2011 3:26:48 PM Deleted Trojan program Trojan.Win32.Scar.ekgi C:\System Volume Information\_restore{4ACEA4D3-0874-4B8F-8A9C-620182911D23}\RP496\A0025393.exe High
9/16/2011 3:26:47 PM Deleted Trojan program Trojan.Win32.Scar.ekgi C:\System Volume Information\_restore{4ACEA4D3-0874-4B8F-8A9C-620182911D23}\RP496\A0025392.exe High
9/16/2011 3:26:48 PM Deleted Trojan program Trojan.Win32.Scar.ekgi C:\System Volume Information\_restore{4ACEA4D3-0874-4B8F-8A9C-620182911D23}\RP496\A0025393.exe//PE-Crypt.XorPE High
9/16/2011 3:26:47 PM Deleted Trojan program Trojan.Win32.Scar.ekgi C:\System Volume Information\_restore{4ACEA4D3-0874-4B8F-8A9C-620182911D23}\RP496\A0025392.exe//PE-Crypt.XorPE High

Attached Files


  • 0

#8
Render
Posted 18 September 2011 - 05:16 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0

#9
Ape_Ocalypse
Posted 18 September 2011 - 09:46 AM

Ape_Ocalypse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Great! Thanks for your help!
  • 0

#10
Render
Posted 18 September 2011 - 09:51 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You're welcome.
  • 0

#11
Render
Posted 29 September 2011 - 02:20 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP