Internet Redirects


Re: Internet Redirects

Post by Jack&Jill » June 4th, 2010, 10:30 pm

Hello GradStudent :),

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script
  • Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help disabling your protection programs, see here.
  • Open Notepad. Copy and paste the following text into it:
    Folder::
    c:\documents and settings\Doug and Becky\Local Settings\Application Data\cenprgbgk
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    DDS::
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

  • Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

    [Image: screenshot showing CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an "Error Loading" error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it returns on future reboots.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 18
Java(TM) 6 Update 4
Java(TM) 6 Update 7


  • Go to the Java SE download page. Click here.
  • Look for JDK 6 Update 20 (JDK or JRE). Click the Download JRE button to the right.
  • Select Windows from the drop-down list for Platform.
  • Check I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement after reading it, and click Continue >>. The page will refresh.
  • Under the Windows Offline Installation title, click on the link which says jre-6u20-windows-i586.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Please post back:
1. the ComboFix log
2. new MBAM report
3. any more problems?
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
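As an added example (not part of the thread and not ComboFix's own code), here is a small Python reader for the CFScript above. It splits the script on the Folder::, Registry:: and DDS:: headers and interprets the Registry:: lines with the .reg (REGEDIT4) rules that section uses: "Name"=- deletes the named value, [-Key] deletes a whole key, and anything else sets a value. That is what makes the two DisableMonitoring lines deletions rather than assignments. Windows Security Center reads Monitoring\<product>\DisableMonitoring to stop warning about a product that does its own status reporting, and the Symantec entries are stale on a machine whose AV is now Avira, so they are removed rather than set. The sample script embedded below is the one posted above.

```python
"""Parse a ComboFix CFScript into an explicit action plan.

Added example: this is not ComboFix's own code, just a reader for the
three directive sections that appear in the script above (Folder::,
Registry::, DDS::).  The Registry:: block uses .reg (REGEDIT4) syntax,
so the same rules apply:  [-KEY] deletes a key, "Name"=- deletes a
value, and "Name"="data" / "Name"=dword:... sets one.
"""
import re

# Constructed sample: the script posted in the thread, verbatim.
SAMPLE_SCRIPT = """Folder::
c:\\documents and settings\\Doug and Becky\\Local Settings\\Application Data\\cenprgbgk

Registry::
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"DisableMonitoring"=-

DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def split_sections(text):
    """Group non-blank lines under the 'Name::' header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn REGEDIT4-style lines into (action, key, name, data) tuples."""
    actions, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(2)
            if km.group(1) == "-":          # [-KEY] removes the whole key
                actions.append(("delete_key", key, None, None))
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = "(Default)" if vm.group(1) == "@" else vm.group(1)[1:-1]
            data = vm.group(2).strip()
            if data == "-":                 # "Name"=- removes the value
                actions.append(("delete_value", key, name, None))
            else:
                actions.append(("set_value", key, name, data))
    return actions


def plan(text):
    """Return what the script asks ComboFix to do, section by section."""
    sections = split_sections(text)
    return {
        "folders": sections.get("Folder", []),
        "registry": parse_registry(sections.get("Registry", [])),
        "dds": sections.get("DDS", []),
    }


if __name__ == "__main__":
    for kind, items in plan(SAMPLE_SCRIPT).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Running it prints the plan for the sample script: one folder to remove, two value deletions under Security Center\Monitoring, and one DDS line. It only reads the script and never touches the registry, which is the point of checking a script before dragging it onto ComboFix.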

Re: Internet Redirects

Post by GradStudent » June 5th, 2010, 12:07 am

ComboFix 10-06-03.01 - Doug and Becky 06/04/2010 20:44:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.988 [GMT -7:00]
Running from: c:\documents and settings\Doug and Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Doug and Becky\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Doug and Becky\Local Settings\Application Data\cenprgbgk

.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-04 19:29 . 2010-06-04 19:29 -------- d-----w- c:\program files\ESET
2010-06-04 13:21 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Doug and Becky\Application Data\mjusbsp\in00000\setup.exe
2010-06-03 23:51 . 2010-06-03 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-01 17:48 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Doug and Becky\Application Data\mjusbsp\ar00000\install.exe
2010-06-01 13:20 . 2010-06-01 13:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 02:27 . 2010-05-29 02:27 -------- d-----w- C:\_OTL
2010-05-29 02:23 . 2010-05-29 02:23 -------- d-----w- c:\program files\ERUNT
2010-05-26 02:56 . 2010-05-26 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-25 03:48 . 2010-05-25 03:48 388096 ----a-r- c:\documents and settings\Doug and Becky\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 03:48 . 2010-05-25 03:48 -------- d-----w- c:\program files\trendmicro
2010-05-25 02:39 . 2010-05-25 02:39 348160 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcr71.dll
2010-05-25 02:39 . 2010-05-25 02:39 503808 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcp71.dll
2010-05-25 02:39 . 2010-05-25 02:39 499712 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\jmc.dll
2010-05-25 02:39 . 2010-05-25 02:39 61440 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-sse.dll
2010-05-25 02:39 . 2010-05-25 02:39 12800 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-d3d.dll
2010-05-18 16:11 . 2010-05-18 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-18 16:06 . 2010-05-18 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 13:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 04:46 . 2010-05-14 04:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-14 04:46 . 2010-05-14 04:47 -------- d-----w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\Temp
2010-05-10 22:54 . 2010-05-10 22:54 -------- d-----w- c:\program files\JRE
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\readmes
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\redist
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\licenses

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 03:38 . 2009-09-11 01:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 01:42 . 2005-04-25 21:46 -------- d-----w- c:\program files\e-Sword
2010-06-04 15:44 . 2009-08-29 01:12 1 ----a-w- c:\documents and settings\Doug and Becky\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-04 13:21 . 2009-08-29 19:26 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\mjusbsp
2010-06-01 17:45 . 2004-08-04 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-06-01 13:20 . 2008-07-24 13:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-18 16:09 . 2004-12-02 20:57 103256 ----a-w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 04:47 . 2007-03-24 21:28 -------- d-----w- c:\program files\Google
2010-05-13 21:10 . 2009-10-13 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 18:21 . 2009-10-02 21:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 04:01 . 2009-08-29 01:45 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Skype
2010-05-10 22:54 . 2009-08-29 01:07 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-10 22:42 . 2008-07-24 13:05 -------- d-----w- c:\program files\Java
2010-05-01 04:07 . 2010-05-01 04:05 -------- d-----w- c:\program files\iTunes
2010-05-01 04:05 . 2010-05-01 04:05 -------- d-----w- c:\program files\iPod
2010-05-01 04:05 . 2010-03-01 01:17 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 03:56 . 2010-05-01 03:56 -------- d-----w- c:\program files\Bonjour
2010-05-01 03:54 . 2010-05-01 03:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-23 04:19 . 2009-10-13 01:45 -------- d-----w- c:\program files\Microsoft Works
2010-04-23 04:18 . 2010-04-23 04:18 -------- d-----w- c:\program files\MSBuild
2010-04-17 05:05 . 2010-03-01 01:34 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Apple Computer
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-02 13:09 . 2010-02-02 13:09 135558563 ----a-w- c:\program files\openofficeorg1.cab
2010-02-02 13:09 . 2010-02-02 13:09 10177536 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 23:27 . 2010-02-01 23:27 290 ----a-w- c:\program files\setup.ini
2009-10-13 00:55 . 2009-10-13 00:37 526428264 ----a-w- c:\program files\X12-30307.exe
2007-09-20 20:07 . 2007-09-20 20:04 124607748 ----a-w- c:\program files\OOo_2.3.0_Win32Intel_install_wJRE_en-US.exe
2007-06-17 21:28 . 2007-06-17 21:28 1626624 -c--a-w- c:\program files\RhapsodyPlayerEngine_gt.msi
2005-06-19 02:12 . 2005-06-19 02:12 1968105 -c--a-w- c:\program files\tabview.zip
2007-09-04 20:53 . 2007-09-04 20:53 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\documents and settings\Doug and Becky\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SprintESol\IPMon32.exe" [2003-06-12 122880]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Doug and Becky\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Doug and Becky\\Application Data\\mjusbsp\\magicJack.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 3:57 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [9/11/2009 9:28 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [9/11/2009 9:28 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [9/11/2009 9:28 PM 170368]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 9:46 PM 136176]
S2 mrtRate;mrtRate; [x]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 11:11 AM 224896]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]

2004-12-02 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} - hxxp://www.live365.com/players/p365vip.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pbells.broadjump.com/wizlet/att ... Client.cab
FF - ProfilePath - c:\documents and settings\Doug and Becky\Application Data\Mozilla\Firefox\Profiles\u2vuh1g1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Doug and Becky\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 20:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-04 20:59:29
ComboFix-quarantined-files.txt 2010-06-05 03:59
ComboFix2.txt 2010-06-04 06:02

Pre-Run: 50,225,119,232 bytes free
Post-Run: 50,175,201,280 bytes free

- - End Of File - - 8FA8820BAD5FBE8AC7068E19A0F259C3
GradStudent
Regular Member
Posts: 28
Joined: May 24th, 2010, 11:53 pm
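The Reg Loading Points section of the log above is a REGEDIT4-style dump of autostart entries, each annotated with the file's date and size. The following Python is an added example (not from the thread and not from ComboFix) that parses those Run entries and flags any executable that starts from a user profile directory, the same kind of location the cenprgbgk folder was found in. The sample input is a constructed excerpt of the posted log. A flag is a prompt to check the file, not a verdict: the one entry flagged here, cdloader, is the magicJack loader that also appears in the log's firewall exceptions and is attributed to magicJack L.P. in the OTL process list later in the thread.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the thread or of ComboFix: it pulls the Run
entries out of the REGEDIT4-style block and flags those that start from
a user profile (Documents and Settings\\... on XP, Users\\... on Vista+),
the kind of location the cenprgbgk folder above lived in.  A flag is a
review prompt, not a verdict: the cdloader entry below is the legitimate
magicJack loader.
"""
import re

# Constructed sample: a few lines lifted from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"cdloader"="c:\documents and settings\Doug and Becky\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

------- Supplementary Scan -------
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]  -- ComboFix appends the file's date and size
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

# Profile roots for the XP layout seen in the log and the Vista+ layout.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")


def parse_run_entries(log_text):
    """Return a dict per autostart entry found under a ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em and key and key.lower().endswith("\\currentversion\\run"):
            entries.append({
                "key": key,
                "name": em.group(1),
                "path": em.group(2),
                "date": em.group(3),
                "size": int(em.group(4)),
            })
    return entries


def flag_profile_autoruns(entries):
    """Return names of Run entries whose executable lives inside a user profile."""
    flagged = []
    for e in entries:
        if e["path"].lower().startswith(PROFILE_ROOTS):
            flagged.append(e["name"])
    return flagged


if __name__ == "__main__":
    runs = parse_run_entries(SAMPLE_LOG)
    print(f"{len(runs)} Run entries parsed")
    for name in flag_profile_autoruns(runs):
        print("review:", name)
```

The heuristic is deliberately narrow: Program Files entries are left alone and only profile-resident autoruns are surfaced, because that is where a per-user dropper can write without administrator rights. The date and size captured for each entry are what a helper compares against a known-good copy when deciding whether a flagged file is legitimate.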

Re: Internet Redirects

Post by GradStudent » June 5th, 2010, 7:30 am

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/4/2010 11:20:36 PM
mbam-log-2010-06-04 (23-20-36).txt

Scan type: Full scan (C:\|)
Objects scanned: 231082
Time elapsed: 2 hour(s), 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GradStudent
Regular Member
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Post by GradStudent » June 5th, 2010, 7:44 am

RE: any more problems?

The problem of Internet redirects seems to have disappeared. (Thank you!) I have removed Java 6 Update 4 and 7; however, Update 18 was not present, but Update 20 was. I don't know how or when that switch was accomplished, but I assume that is not a problem.

Also, I just now noticed that the disable and re-enable instructions for Spybot Teatimer include the reminder to download a "Reset Teatimer" zip file to reset the scripts. Should I go ahead and do that now?
GradStudent
Regular Member
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Post by Jack&Jill » June 5th, 2010, 8:45 am

Hello GradStudent :),

I have removed Java 6 Update 4 and 7; however, Update 18 was not present, but Update 20 was. I don't know how or when that switch was accomplished, but I assume that is not a problem.
It is not a problem. It must have been automatically updated.

Also, I just now noticed that the disable and re-enable instructions for Spybot Teatimer include the reminder to download a "Reset Teatimer" zip file to reset the scripts. Should I go ahead and do that now?
Yes, you can do that. It clears off previous saved Teatimer entries.

Good to hear everything is good. I would like to see a new set of OTL logs before giving you the All Clear. Please rerun it with the 6 Use SafeList options and Scan All Users checked, then post the logs.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Post by GradStudent » June 5th, 2010, 11:42 am

OTL log:

OTL logfile created on: 6/5/2010 8:28:17 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Doug and Becky\Desktop\Debugging
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 47.43 Gb Free Space | 66.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUGSPC
Current User Name: Doug and Becky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/25 19:58:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug and Becky\Desktop\Debugging\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 08:02:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 16:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
PRC - [2009/08/29 12:51:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 13:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/13 15:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/23 01:03:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0350Mon.exe
PRC - [2007/03/15 08:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/01/19 09:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 09:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2003/06/11 17:40:14 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SprintESol\ipmon32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 19:58:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug and Becky\Desktop\Debugging\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2003/06/11 17:40:18 | 000,098,304 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SprintESol\IPHk2KS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/13 15:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 12:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/12/07 23:33:15 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 11:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/03/13 08:02:41 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/03/13 08:02:24 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/08/29 01:03:00 | 000,170,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Vid.sys -- (VF0350Vid) Live! Cam Video IM (VF0350)
DRV - [2007/06/11 01:01:02 | 000,142,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Afx.sys -- (VF0350Afx)
DRV - [2007/04/23 11:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg111v3.sys -- (RTL8187B)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2007/02/25 09:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 13:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/01 00:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/29 05:24:25 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys -- (MxlW2k)
DRV - [2004/11/22 23:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/15 22:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/15 22:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/15 22:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/15 22:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/15 22:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/15 22:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/15 22:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/15 22:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/15 22:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 08:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/04/26 08:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/28 17:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/05/23 11:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 08:02:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/01 06:20:04 | 000,000,000 | ---D | M]

[2009/09/09 20:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug and Becky\Application Data\Mozilla\Extensions
[2010/06/04 18:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug and Becky\Application Data\Mozilla\Firefox\Profiles\u2vuh1g1.default\extensions
[2010/05/26 16:14:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Doug and Becky\Application Data\Mozilla\Firefox\Profiles\u2vuh1g1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/04 18:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 06:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/01 06:19:39 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/03 22:52:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Visual Networks\Visual IP InSight\SprintESol\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [cdloader] C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\Doug and Becky\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2704490180-69721270-2137662439-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} https://www-secure.symantec.com/techsup ... gctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} https://www-secure.symantec.com/techsup ... gctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} http://www.live365.com/players/p365vip.cab (Live365PlayerVIP Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Value error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (isInstalled Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/B ... ofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://10.1.1.60/viewer/activeXViewer/activexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pbells.broadjump.com/wizlet/att ... Client.cab (WebBrowserType Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Doug and Becky\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doug and Becky\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/18 17:57:01 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/05 08:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug and Becky\Desktop\ResetTeaTimer
[2010/06/04 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/03 22:37:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/03 22:34:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/03 22:34:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/03 22:34:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/03 22:34:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/03 22:30:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 16:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/01 06:20:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/01 06:20:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/01 06:20:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/01 06:20:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/30 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/05/28 19:27:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/28 19:24:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/28 19:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/25 19:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug and Becky\Desktop\Debugging
[2010/05/25 19:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/24 20:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\trendmicro
[2010/05/23 18:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/23 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/18 11:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug and Becky\Desktop\Becky
[2010/05/18 09:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/18 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/18 09:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/18 06:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug and Becky\Application Data\Malwarebytes
[2010/05/18 06:06:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/18 06:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/18 06:06:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/18 06:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 21:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/13 21:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug and Becky\Local Settings\Application Data\Temp
[2010/05/10 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/10 15:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010/05/10 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010/05/10 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\licenses

========== Files - Modified Within 30 Days ==========

[2010/06/05 07:59:18 | 000,001,053 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\magicJack.lnk
[2010/06/05 07:51:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 04:30:50 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\ntuser.dat
[2010/06/05 04:21:32 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\ResetTeaTimer.zip
[2010/06/04 21:51:03 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 20:59:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/04 20:55:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/04 20:40:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/04 20:38:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/04 20:38:56 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 20:34:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Doug and Becky\NTUSER.INI
[2010/06/04 18:41:59 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\e-Sword.lnk
[2010/06/04 12:29:04 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\esetsmartinstaller_enu.exe
[2010/06/03 22:52:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/06/03 22:37:45 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/03 22:30:05 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\ComboFix.exe
[2010/06/03 16:51:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/03 16:01:43 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/02 16:56:15 | 000,000,240 | ---- | M] () -- C:\WINDOWS\qwimp.ini
[2010/06/02 16:53:34 | 000,000,984 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/06/02 16:11:15 | 000,000,554 | ---- | M] () -- C:\WINDOWS\intuprof.ini
[2010/06/01 06:19:38 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/01 06:19:38 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/01 06:19:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/01 06:19:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/01 06:19:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/31 12:47:14 | 000,105,229 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\neurological disease.pdf
[2010/05/31 12:19:22 | 000,183,904 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Desktop\policosanol.pdf
[2010/05/29 15:37:42 | 000,000,510 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
[2010/05/19 11:31:23 | 000,022,305 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\My Documents\Saturn SL-2 Service History.ods
[2010/05/18 12:38:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\My Documents\Questions for Office Coordinator position Fuller.doc
[2010/05/18 09:09:02 | 000,103,256 | ---- | M] () -- C:\Documents and Settings\Doug and Becky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/18 09:06:13 | 000,388,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 06:06:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/11 14:33:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/10 15:56:46 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

========== Files Created - No Company Name ==========

[2010/06/05 04:21:38 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Doug and Becky\Desktop\ResetTeaTimer.zip
[2010/06/04 12:29:09 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Doug and Becky\Desktop\esetsmartinstaller_enu.exe
[2010/06/03 22:37:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/03 22:37:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/03 22:34:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/03 22:34:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/03 22:34:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/03 22:34:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/03 22:34:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/03 22:30:09 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Doug and Becky\Desktop\ComboFix.exe
[2010/05/31 12:47:13 | 000,105,229 | ---- | C] () -- C:\Documents and Settings\Doug and Becky\Desktop\neurological disease.pdf
[2010/05/31 12:19:38 | 000,183,904 | ---- | C] () -- C:\Documents and Settings\Doug and Becky\Desktop\policosanol.pdf
[2010/05/18 12:37:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Doug and Becky\My Documents\Questions for Office Coordinator position Fuller.doc
[2010/05/18 06:06:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 21:46:33 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 21:46:32 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/10 15:56:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2007/10/05 10:51:12 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/04 18:30:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\rclbackup.INI
[2007/10/04 18:16:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\churchps.ini
[2007/10/04 18:06:28 | 000,000,111 | ---- | C] () -- C:\WINDOWS\CSMesBox.INI
[2007/10/04 18:04:15 | 000,000,046 | ---- | C] () -- C:\WINDOWS\TipOfDay.ini
[2007/09/04 13:53:26 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/22 16:57:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/06/18 19:19:49 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Tabrite.ini
[2005/05/02 16:52:49 | 000,000,510 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/18 09:12:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/12/30 13:23:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/12/09 13:45:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/12/06 14:25:41 | 000,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/12/02 16:18:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/12/02 16:18:34 | 000,000,554 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/12/02 15:11:37 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/02 14:24:25 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/02 14:13:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/29 05:31:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/29 05:28:19 | 000,000,264 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/29 04:55:16 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2000/06/29 21:57:28 | 000,125,472 | ---- | C] () -- C:\WINDOWS\System32\hpf9xdr0.drv
< End of report >
GradStudent
Regular Member
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Post by Jack&Jill » June 6th, 2010, 12:01 pm

Hello GradStudent :),

Congratulations, you are All Clear to go. If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp at the upper right corner, proceed to reboot if prompted.
  • Delete the GMER file (8q266zxr.exe), the TDSSKiller files and the SysProt folder on your desktop.
  • Delete any logs on the desktop.
  • Uninstall HijackThis
    • Open HijackThis.
    • Open the Misc Tools section by clicking on the box.
    • Scroll down until the bottom and under the Uninstall HijackThis section, click on Uninstall HijackThis & exit button.
    • Click Yes if prompted.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates to always get the latest security patches from Microsoft, or download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore. A recovery feature will only be useful if it is free of malware. See the Windows XP System Restore Guide for a more detailed explanation.

3. Update your Antivirus program regularly; it is a must for constant protection against viruses.

4. Install Malwarebytes' Anti-Malware if you haven't already, and use it occasionally. It is a new and powerful anti-malware tool, totally free, but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you want to try this, please uninstall Spybot S&D.

6. Install Web of Trust (WOT). WOT keeps you away from dangerous websites with warnings and blocking.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

9. Install a third-party firewall if you do not have one, for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to stop malware from sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

11. Also look up How to prevent malware, by miekiemoes, and So how did I get infected in the first place?, by Tony Klein.

Stay safe.

If you have been helped and wish to donate to support this volunteer site, go to Donations For Malware Removal.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 7th, 2010, 2:10 am

I have successfully uninstalled ComboFix, OTL, and the various files and logs you listed EXCEPT Hijack This. When I clicked on the box for "Open the Misc Tools section," I did not see a section in the box labeled "Uninstall Hijack This" or a button labeled "Uninstall Hijack This & Exit." I did see an "Open Uninstall Manager..." button, but didn't want to assume that this was the same button. For reference, the version of Hijack This on my computer is v.2.0.4. Let me know how I should proceed. We both thank you again for all of your help with our computer's problem.
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 7th, 2010, 3:05 am

Hello GradStudent :),

You are welcome.

Did you scroll down as I wrote in the instructions?
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 7th, 2010, 12:19 pm

Yes, we scrolled down to the bottom and did not find a button marked "Uninstall Hijack This and exit."
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 7th, 2010, 7:59 pm

Hello GradStudent :),

You can just delete the HijackThis file and its folder, if any. I guess we are done here. Safe surfing and take care.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 7th, 2010, 9:10 pm

Thanks again for your help, Jack&Jill. I was able to successfully remove the Hijack This program using the Add/Remove window. How about the ERUNT & MDiag and eset programs?
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 7th, 2010, 9:25 pm

Hello GradStudent :),

ERUNT is a registry backup program, so you can keep it and use it to back up the registry as necessary.

MGADiag is used for Windows and Office validation; it is alright to leave it alone or delete it.

For ESET, the entry you see in the Add/Remove Programs list is a component of the online scan that we did earlier. You can leave that alone too, and maybe do an online scan once in a while to check how your computer is faring.

Glad we could assist to solve your problem :) .
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby Dakeyras » June 10th, 2010, 5:22 am

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra