Firefox and IE are both redirecting to random sites.

by treeman » October 26th, 2010, 1:36 am

It does not happen with all domains that I type into the browser window. But sometimes I will type in a certain URL, say yahoo.com for example, and it won't take me to Yahoo; it will take me to some random website?? Right before this happened my AVG notified me a couple of times (I don't remember the details of the warnings), but I let AVG get rid of whatever popped up. Also, I have noticed that sometimes when I use Google and I click on a search result, it again takes me to a random incorrect website. This is happening in Firefox and IE.

Thank you VERY much in advance for any help!! :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:42 AM, on 10/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\AVG\AVG9\avgchsvx.exe
H:\Program Files\AVG\AVG9\avgrsx.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\ALCXMNTR.EXE
H:\WINDOWS\AGRSMMSG.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\AOL\1205121144\ee\AOLSoftware.exe
H:\PROGRA~1\AVG\AVG9\avgtray.exe
H:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\AVG\AVG9\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\AOL\1205121144\ee\AOLDesktop.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\AVG\AVG9\avgnsx.exe
H:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
H:\Program Files\Envelope Manager\DAZzle\DAZZLE.EXE
H:\Program Files\AOL 9.1\waol.exe
H:\Program Files\AOL 9.1\shellmon.exe
H:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
H:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - H:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - H:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - H:\Program Files\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] H:\Program Files\Common Files\AOL\1205121144\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] H:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] H:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "H:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Startup: AOL Desktop.lnk = H:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - H:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect2.msmc.com/dana-cached/s ... tupSP1.cab
O16 - DPF: {EF34051A-402A-4ABE-AA20-04E1B4422BD9} (RemoteDVR_D6 Control) - http://ruizhome.webhop.net/RemoteDVR_D6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E90859-A65C-47CD-BE40-2959A9CCEB1F}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB130324-3510-493E-A30D-45501D269E46}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - H:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - H:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - H:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8106 bytes



Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.5
Adobe Reader 9.4.0
Agere Systems PCI Soft Modem
Alta Star FAR Forms
Altium Designer Summer 09 Viewer
AOL Registration
AOL Toolbar
AOL Toolbar for Firefox
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Belkin 54Mbps Wireless Network Adapter
Bonjour
C-Dilla Licence Management System
CDRoller version 7.50
Chinese Simplified Fonts Support For Adobe Reader 8
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 5.0 XP
DAZzle
Download Updater (AOL LLC)
Easy Photo Recovery
eMachineShop
FreeKapture 2.00 - Freeware
GerbMagic Version 3.6
GetDataBack for NTFS
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IsoBuster 2.4
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 5
LimeWire 5.5.7
Malwarebytes' Anti-Malware
MediaMonkey 3.1
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.7)
MYRIAD 8.1
PicaLoader 1.7.1
Picasa 2
QuickTime
Recover Disc 2.0
Replay Converter 2.8
ScanMaker 3630
ScanModule V5.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SolidWorks eDrawings 2009
Spybot - Search & Destroy
Stellar Phoenix Photo Recovery v3.2
TinCam 1.06
UnzipThemAll 1.3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
ViewMate 10.6
Viewpoint Media Player
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0
WM Recorder 12.1
treeman
Active Member
 
Posts: 3
Joined: October 26th, 2010, 1:21 am

Re: Firefox and IE are both redirecting to random sites.

by askey127 » October 27th, 2010, 4:26 pm

Hi treeman,
I see your Windows system is set up on drive H:
I would assume that you have a multi-boot system.
If it turns out you have a rootkit or Master Boot Record infection, how would you want me to treat it?
Some of our tools may have difficulty with nonstandard MBRs.

In addition, it may be much harder to get a proper diagnosis in a complex boot system.

As long as you understand my position on this, I will try to help.
There are no promises or guarantees of success, especially on this one.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Limewire in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Save the Installer to your desktop, but don't run it yet.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG9_TRAY] H:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E90859-A65C-47CD-BE40-2959A9CCEB1F}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB130324-3510-493E-A30D-45501D269E46}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgwdsvc.exe

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

AVG Free 9.0
Java(TM) 6 Update 11
Java(TM) 6 Update 5
LimeWire 5.5.7
Spybot - Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Run, Update, Scan with Antivir
Double-click the Avira Antivir Installer on your desktop. Install the program, have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
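
Added example (not part of either post, and not a MalwareRemoval.com or HijackThis tool): a small Python parser for the O17 NameServer lines that the helper lists for fixing. A static NameServer value overrides the DNS servers handed out by DHCP, so the script groups the configured resolvers by address, counts the registry keys and control sets each one appears in, and reports any that are not in the analyst's own list of expected resolvers. The `EXPECTED` address 192.168.1.1 is a constructed assumption standing in for the user's real router or ISP resolver.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines copied from the HijackThis log in the first post, plus an O4 and an
# O18 line from the same log to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9E90859-A65C-47CD-BE40-2959A9CCEB1F}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB130324-3510-493E-A30D-45501D269E46}: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.249,93.188.160.59
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll
"""

# Constructed assumption: the resolver the analyst expects on this network.
EXPECTED = {"192.168.1.1"}

# O17 - HKLM\System\<control set>\Services\Tcpip\<scope>: <value name> = <data>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>.+?): (?P<name>\w+) = (?P<value>.*)$"
)


def parse_o17_nameservers(log_text):
    """Return one record per O17 NameServer line found in a HijackThis log."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue  # another section, or an O17 Domain/SearchList value
        servers, unparsed = [], []
        # NameServer data may be comma- or space-separated.
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                unparsed.append(token)  # keep odd data for manual review
        scope = m.group("scope")
        records.append({
            "control_set": m.group("cset"),
            "scope": "global" if scope.lower() == "parameters" else "interface",
            "key": scope,
            "servers": servers,
            "unparsed": unparsed,
        })
    return records


def summarize(records, expected):
    """Group records by resolver address and mark which ones are expected."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    grouped = defaultdict(lambda: {"keys": 0, "csets": set(), "scopes": set()})
    for rec in records:
        for ip in rec["servers"]:
            grouped[ip]["keys"] += 1
            grouped[ip]["csets"].add(rec["control_set"])
            grouped[ip]["scopes"].add(rec["scope"])
    return {
        str(ip): {
            "keys": g["keys"],
            "control_sets": sorted(g["csets"]),
            "scopes": sorted(g["scopes"]),
            "private": ip.is_private,
            "expected": ip in expected_ips,
        }
        for ip, g in grouped.items()
    }


def unexpected_resolvers(report):
    """Addresses configured in the registry that the analyst did not expect."""
    return sorted(ip for ip, info in report.items() if not info["expected"])


if __name__ == "__main__":
    report = summarize(parse_o17_nameservers(SAMPLE_LOG), EXPECTED)
    for ip in unexpected_resolvers(report):
        info = report[ip]
        print(f"{ip}: {info['keys']} keys, control sets {info['control_sets']}, "
              f"scopes {info['scopes']}, private={info['private']}")
```

A resolver that appears in every control set and on every interface, and is neither private nor on the expected list, is the entry to confirm with the user before it is fixed or kept.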

Re: Firefox and IE are both redirecting to random sites.

by treeman » October 28th, 2010, 3:15 am

Hi Askey127,

Thank you VERY much for the reply. The reason the drive is H is because I put this PC together myself (and I am by no means an expert). For some reason, when I installed the new hard drive it was assigned "H"... I have no idea why that happened and I have not been able to change it to "C", but it is my main drive and only drive for that matter. I removed the Limewire; I had no idea programs like that could cause so many problems.

I went ahead and did all the steps you asked and I am posting the Antivir log below. Looks like it found 8 problems. I still seem to be having the same issue with FireFox and IE so I will wait for your reply.

Thank you very much again for your help :)


Avira AntiVir Personal
Report file date: Thursday, October 28, 2010 01:47

Scanning for 2979531 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KREAM-MACHINE

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 05:42:46
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 05:43:08
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 05:43:55
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 05:44:29
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 05:44:29
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 05:44:29
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 05:44:30
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 05:44:30
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 05:44:31
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 05:44:33
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 05:44:34
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 05:44:35
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 05:44:37
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 05:44:38
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 05:44:40
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 05:44:41
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 05:44:42
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 05:44:44
VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 05:44:45
VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 05:44:46
VBASE025.VDF : 7.10.12.238 137728 Bytes 10/18/2010 05:44:48
VBASE026.VDF : 7.10.12.254 129536 Bytes 10/20/2010 05:44:49
VBASE027.VDF : 7.10.13.22 137728 Bytes 10/22/2010 05:44:50
VBASE028.VDF : 7.10.13.39 124416 Bytes 10/26/2010 05:44:52
VBASE029.VDF : 7.10.13.40 2048 Bytes 10/26/2010 05:44:52
VBASE030.VDF : 7.10.13.41 2048 Bytes 10/26/2010 05:44:52
VBASE031.VDF : 7.10.13.59 123392 Bytes 10/27/2010 05:44:53
Engineversion : 8.2.4.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/28/2010 05:45:26
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/28/2010 05:45:25
AESCN.DLL : 8.1.6.1 127347 Bytes 10/28/2010 05:45:21
AESBX.DLL : 8.1.3.1 254324 Bytes 10/28/2010 05:45:27
AERDL.DLL : 8.1.9.2 635252 Bytes 10/28/2010 05:45:21
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/28/2010 05:45:17
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/28/2010 05:45:15
AEHEUR.DLL : 8.1.2.36 2974072 Bytes 10/28/2010 05:45:14
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/28/2010 05:45:01
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/28/2010 05:45:00
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/28/2010 05:44:58
AECORE.DLL : 8.1.17.0 196982 Bytes 10/28/2010 05:44:57
AEBB.DLL : 8.1.1.0 53618 Bytes 10/28/2010 05:44:56
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: h:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: H:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, October 28, 2010 01:47

Starting search for hidden objects.
h:\program files\common files\aol\acs\aolacsd.exe
h:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[NOTE] The process is not visible.
h:\program files\common files\aol\acs\aolacsd.exe

The scan of running processes will be started
Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
Scan process 'logon.scr' - '16' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'shellmon.exe' - '20' Module(s) have been scanned
Scan process 'AOLAcsd.exe' - '52' Module(s) have been scanned
Scan process 'AOLDesktop.exe' - '98' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'waol.exe' - '140' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '51' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '47' Module(s) have been scanned
Scan process 'AOLSoftware.exe' - '69' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '53' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '19' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '31' Module(s) have been scanned
Scan process 'firefox.exe' - '110' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'CDANTSRV.EXE' - '9' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '54' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1669' files ).


Starting the file scan:

Begin scan in 'H:\' <Local Disk>
H:\Documents and Settings\Kream\Local Settings\Temp\plugtmp-113\plugin-focmhtimhtfqxzi2.pdf
[0] Archive type: PDF Stream
[DETECTION] Contains recognition pattern of the EXP/Pidief.crk.2 exploit
--> Object
[DETECTION] Contains recognition pattern of the EXP/Pidief.crk.2 exploit
H:\Documents and Settings\Kream\My Documents\Incomplete\T-3571623-Genuine Parts - Did it feel like love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
H:\Documents and Settings\Kream\My Documents\Incomplete\T-3852720-sudar la cherri.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5121404-dale candela [new single].au
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5236582-wisin y yandell r kelly (unreleased live record).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5240102-welcome gino latino [club mix].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
H:\Documents and Settings\Kream\My Documents\kdogsMP3s\Sometimes Goodbye is Secondcha (COMPLETE).wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AC Trojan
H:\Documents and Settings\Kream\My Documents\kdogsMP3s\sudar la cherri (new album).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
H:\Documents and Settings\Kream\My Documents\kdogsMP3s\sudar la cherri (new album).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '46018401.qua'.
H:\Documents and Settings\Kream\My Documents\kdogsMP3s\Sometimes Goodbye is Secondcha (COMPLETE).wma
[DETECTION] Is the TR/Dldr.WMA.Wima.AC Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e8daba0.qua'.
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5240102-welcome gino latino [club mix].mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '0d1af196.qua'.
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5236582-wisin y yandell r kelly (unreleased live record).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '6b2dbe4a.qua'.
H:\Documents and Settings\Kream\My Documents\Incomplete\T-5121404-dale candela [new single].au
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '2ea99374.qua'.
H:\Documents and Settings\Kream\My Documents\Incomplete\T-3852720-sudar la cherri.wma
[DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
[NOTE] The file was moved to the quarantine directory under the name '51b0a114.qua'.
H:\Documents and Settings\Kream\My Documents\Incomplete\T-3571623-Genuine Parts - Did it feel like love.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '1d088d5e.qua'.
H:\Documents and Settings\Kream\Local Settings\Temp\plugtmp-113\plugin-focmhtimhtfqxzi2.pdf
[DETECTION] Contains recognition pattern of the EXP/Pidief.crk.2 exploit
[NOTE] The file was moved to the quarantine directory under the name '60d2cdcf.qua'.


End of the scan: Thursday, October 28, 2010 03:03
Used time: 1:15:04 Hour(s)

The scan has been done completely.

10224 Scanned directories
248029 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
248021 Files not concerned
2034 Archives were scanned
0 Warnings
8 Notes
413417 Objects were scanned with rootkit scan
2 Hidden objects were found
treeman
Active Member
 
Posts: 3
Joined: October 26th, 2010, 1:21 am

Re: Firefox and IE are both redirecting to random sites.

Unread postby askey127 » October 28th, 2010, 8:06 am

treeman,
You have had an infection called Wareout.
It sends all your internet correspondence through a server in the Ukraine.
We will make sure that is gone.
It does mean that any credit card, banking or other financial info passed thru the machine may have been intercepted.
I would take the precaution of changing whatever account names, account numbers and passwords you see fit. That includes e-mail and online passwords.

Did you ever "update your codec" based on a request from one of those music files?

Side Note:
If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one that you chose.
If the default password is retained, an attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
You can take a quick look at the IP addresses in the router setup to make sure no extras have been added.
-----------------------------------------------------------
Flush DNS Cache
  • Click Start, Run
  • In the box, type the following, and then hit Enter: ipconfig /flushdns
  • A window will flash on and off. This is normal.
Your Internet will be slower for a short time. This is normal. Then the speed will return.
------------------------------------------------------------
Download and install the latest version of Java Runtime Environment from here: http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 22 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop (for Vista/Win7, right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
    Use separate replies if you wish.
Let me know how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
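
The router check described in the Side Note above can also be cross-checked from a PC. This is an added example, not part of the original post: it parses the text of `ipconfig /all` and flags any DNS server that is neither the default gateway nor on a list of resolvers you trust. The sample output, its addresses and the trusted list are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout).
# Every address is a private or documentation-range placeholder,
# not a value taken from the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example Wireless Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.10
"""

# "Label . . . . : value" lines; the label is padded with dots and spaces.
KEY_VALUE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

# ipconfig labels we care about -> key in the per-adapter record.
FIELDS = {"default gateway": "gateway", "dns servers": "dns"}


def _is_ip(text):
    """True when text is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return one record per adapter: its name, gateways and DNS servers."""
    adapters = []
    current = None   # adapter record being filled in
    last_key = None  # label of the most recent "Label : value" line
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: an adapter header ends with ':',
            # anything else is the global section title.
            header = line.rstrip()
            if header.endswith(":"):
                current = {"adapter": header[:-1], "gateway": [], "dns": []}
                adapters.append(current)
            else:
                current = None
            last_key = None
            continue
        if current is None:
            continue  # global settings such as Host Name
        value = line.strip()
        if _is_ip(value):
            # A bare address continues the previous label (second DNS server).
            if last_key in FIELDS:
                current[FIELDS[last_key]].append(value)
            continue
        match = KEY_VALUE.match(line)
        if not match:
            last_key = None
            continue
        last_key = match.group(1).strip().lower()
        value = match.group(2).strip()
        if last_key in FIELDS and _is_ip(value):
            current[FIELDS[last_key]].append(value)
    return adapters


def audit_dns(adapters, trusted):
    """List (adapter, server) pairs whose DNS server is unexpected.

    A server is expected when it is the adapter's own default gateway
    (the router forwarding DNS) or appears in the trusted set, for
    example the resolvers your ISP documents.
    """
    findings = []
    for adapter in adapters:
        for server in adapter["dns"]:
            if server in adapter["gateway"] or server in trusted:
                continue
            findings.append((adapter["adapter"], server))
    return findings


if __name__ == "__main__":
    # Hypothetical trusted list: replace with your ISP's published resolvers.
    trusted_resolvers = {"198.51.100.10"}
    for name, server in audit_dns(parse_ipconfig(SAMPLE_IPCONFIG), trusted_resolvers):
        print(f"{name}: unexpected DNS server {server}")
```

If the router hands out its own address as the DNS server, every PC will show only the gateway here, and the resolver addresses have to be checked on the router's own DNS or WAN settings page instead.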

Re: Firefox and IE are both redirecting to random sites.

Unread postby treeman » October 28th, 2010, 12:07 pm

askey127, honestly I do not know whether I ever did anything like that, I do not think so because I simply would have thought that it was very strange to "update your codec" most likely I would have not done it. But I am not 100% sure.

I just followed the rest of the instructions and I tried entering another website into my browser and on the bottom left corner of the browser it says something like "http://cookonsea......" and then it takes me to a blank page with a small button in the top left hand corner, then redirects to a random site. This time it was a music video on youtube and it also opened a grey box that said "One more thing! Please click ok to continue" which I just x'd out. The computer is running VERY well, very fast now.. I just have this problem with the browsers sporadically. :(

I logged into my router but I am not sure what I am looking for? Where do I find the ip addresses and what am I looking for? I just tried my wife's laptop over our same household wireless network and it is doing the same thing for the same domain!!!!!!!!!! Could it be something on the router? I unplugged and re-plugged in the router but I am having the same issue.

EDIT---> I hooked up directly to my modem..bypassing the router and the problem is gone!! Can I somehow re-set the router or something? BTW, yes, I never changed the password/username on the router.


EDIT again --------> I am sooooo happy you were 100% correct. I was able to find a strange IP in the router settings under DNS (started with 213.xxxxx). I thought it looked strange so I clicked allow ISP to automatically choose and it switched the numbers....problem solved! All the PCs in my house are no longer doing this problem!!!

How can I avoid this in the future? I already changed the password on the router.

Thanks a million!!!!!!!!!!!!!!!!!!!

Here is the OTL log:

OTL logfile created on: 10/28/2010 11:48:51 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = H:\Documents and Settings\Kream\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): H:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 149.04 Gb Total Space | 66.76 Gb Free Space | 44.79% Space Free | Partition Type: NTFS
Drive I: | 3.78 Gb Total Space | 1.93 Gb Free Space | 50.94% Space Free | Partition Type: FAT32

Computer Name: KREAM-MACHINE | User Name: Kream | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 11:48:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Kream\My Documents\Downloads\OTL.exe
PRC - [2010/07/21 08:40:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/06 07:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- H:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 07:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- H:\Program Files\AOL 9.1\waol.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- H:\Program Files\Common Files\AOL\1205121144\ee\aolsoftware.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- H:\Program Files\Common Files\AOL\1205121144\ee\AOLDesktop.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- H:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- H:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2001/09/10 19:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- H:\WINDOWS\system32\drivers\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/28 11:48:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Kream\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- H:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- H:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- H:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/29 14:42:00 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- H:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- H:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2001/09/10 19:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- H:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\System32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/11 10:19:42 | 000,038,496 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/06/02 13:53:06 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- H:\Program Files\Altium Designer S09 Viewer\System\Drivers\altio.sys -- (altio)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/03 18:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- H:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/09/10 19:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - H:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = H:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - H:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.15.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.7
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 22:27:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: H:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/10/28 11:27:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2010/09/08 17:46:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2010/10/28 11:27:59 | 000,000,000 | ---D | M]

[2010/02/06 23:02:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Mozilla\Extensions
[2009/03/12 02:07:22 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Kream\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/06 23:02:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/28 11:41:30 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\extensions
[2010/10/24 01:58:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 22:09:22 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009/06/30 11:31:09 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/10/24 01:58:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\extensions\LDSI_plashcor@gmail.com
[2009/06/30 11:31:14 | 000,001,720 | ---- | M] () -- H:\Documents and Settings\Kream\Application Data\Mozilla\Firefox\Profiles\0d8csdrr.default\searchplugins\aol-search.xml
[2010/10/28 11:41:30 | 000,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions
[2010/07/21 08:41:07 | 000,000,000 | ---D | M] (Default) -- H:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/28 11:28:00 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/07/21 08:40:58 | 000,023,512 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/21 08:40:58 | 000,138,712 | ---- | M] (Mozilla Foundation) -- H:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/01/07 20:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/10/28 11:27:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/26 12:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- H:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/03/27 11:30:34 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- H:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010/07/21 08:41:02 | 000,064,984 | ---- | M] (mozilla.org) -- H:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 21:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/09/22 18:10:52 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- H:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/28 17:09:09 | 000,143,360 | ---- | M] (Apple Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/08/21 20:42:32 | 000,057,344 | ---- | M] (America Online, Inc.) -- H:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2010/07/13 21:54:08 | 000,001,394 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/13 21:54:09 | 000,002,193 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/13 21:54:09 | 000,001,534 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/13 21:54:09 | 000,002,344 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/13 21:54:09 | 000,002,371 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/13 21:54:09 | 000,001,178 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/13 21:54:09 | 000,001,096 | ---- | M] () -- H:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/12/13 10:20:56 | 000,000,736 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - H:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - H:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - H:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe ARM] H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] H:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] H:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] H:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F5D7050v3] H:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [HostManager] H:\Program Files\Common Files\AOL\1205121144\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] H:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] H:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: H:\Documents and Settings\Kream\Start Menu\Programs\Startup\AOL Desktop.lnk = H:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - H:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - H:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://connect2.msmc.com/dana-cached/s ... tupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {EF34051A-402A-4ABE-AA20-04E1B4422BD9} http://ruizhome.webhop.net/RemoteDVR_D6.cab (RemoteDVR_D6 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - H:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - H:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - H:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - H:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - H:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - H:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - H:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - H:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - H:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - H:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - H:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - H:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - H:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - H:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - H:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - H:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - H:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - H:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - H:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - H:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - H:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - H:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - H:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - H:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d7c057b-5fc8-11dd-a64f-00038a000015}\Shell\AutoRun\command - "" = C:\Launch.exe -- File not found
O33 - MountPoints2\{6fa87798-17e1-11dd-a60d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6fa87798-17e1-11dd-a60d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6fa87798-17e1-11dd-a60d-806d6172696f}\Shell\AutoRun\command - "" = H:\WINDOWS\System32\shell32.dll -- [2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 11:38:08 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Sun
[2010/10/28 11:38:08 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Java
[2010/10/28 11:27:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\deployJava1.dll
[2010/10/28 11:27:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaws.exe
[2010/10/28 11:27:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaw.exe
[2010/10/28 11:27:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\java.exe
[2010/10/28 11:27:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javacpl.cpl
[2010/10/28 02:15:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/10/28 02:14:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/28 01:47:20 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\NtmsData
[2010/10/28 01:46:39 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Kream\Application Data\Avira
[2010/10/28 01:32:44 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\appmgmt
[2010/10/27 23:56:37 | 000,028,520 | ---- | C] (Avira GmbH) -- H:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/27 23:56:35 | 000,124,784 | ---- | C] (Avira GmbH) -- H:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/27 23:56:35 | 000,060,936 | ---- | C] (Avira GmbH) -- H:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/27 23:56:35 | 000,045,416 | ---- | C] (Avira GmbH) -- H:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/27 23:56:35 | 000,022,360 | ---- | C] (Avira GmbH) -- H:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/27 23:56:34 | 000,000,000 | ---D | C] -- H:\Program Files\Avira
[2010/10/27 23:56:34 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Avira
[2010/10/26 00:53:32 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- H:\Documents and Settings\Kream\Desktop\tdsskiller.exe
[2010/10/24 02:03:36 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Adobe AIR
[2010/10/21 22:00:35 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Kream\My Documents\IPAD
[2010/10/13 19:43:56 | 000,974,848 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 19:43:56 | 000,953,856 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 19:43:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/08 13:29:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Kream\My Documents\ABS
[2010/10/07 13:20:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Kream\My Documents\LED Car lights
[5 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[1 H:\WINDOWS\System32\drivers\*.tmp files -> H:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 11:40:04 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2010/10/28 11:39:25 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2010/10/28 11:27:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaws.exe
[2010/10/28 11:27:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javaw.exe
[2010/10/28 11:27:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\java.exe
[2010/10/28 11:27:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\javacpl.cpl
[2010/10/28 11:27:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- H:\WINDOWS\System32\deployJava1.dll
[2010/10/28 00:28:03 | 000,000,000 | ---- | M] () -- H:\Documents and Settings\Kream\Local Settings\Application Data\prvlcl.dat
[2010/10/27 23:56:48 | 000,001,717 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/26 01:16:54 | 000,002,030 | ---- | M] () -- H:\Documents and Settings\Kream\Desktop\HiJackThis.lnk
[2010/10/26 01:14:56 | 001,402,880 | ---- | M] () -- H:\Documents and Settings\Kream\Desktop\HiJackThis.msi
[2010/10/26 00:53:43 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- H:\Documents and Settings\Kream\Desktop\tdsskiller.exe
[2010/10/25 02:01:27 | 000,056,320 | ---- | M] () -- H:\Documents and Settings\Kream\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/24 22:32:49 | 000,352,748 | ---- | M] () -- H:\Documents and Settings\Kream\My Documents\aaa LEDNeonFlexpricelist.pdf
[2010/10/24 02:44:32 | 000,222,902 | ---- | M] () -- H:\Documents and Settings\Kream\My Documents\AAAAAAAA Quotationofledmarinelight.pdf
[2010/10/24 02:08:27 | 000,001,739 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/21 22:57:06 | 000,069,692 | ---- | M] () -- H:\Documents and Settings\Kream\My Documents\bulb.jpg
[2010/10/14 03:22:10 | 000,212,080 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 03:06:01 | 000,001,393 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2010/10/14 03:05:48 | 002,000,351 | ---- | M] () -- H:\WINDOWS\iis6.BAK
[2010/10/11 14:25:22 | 000,949,846 | ---- | M] () -- H:\Documents and Settings\Kream\My Documents\GTECH v VBOX PB_Test.pdf
[2010/10/08 03:04:13 | 000,432,356 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2010/10/08 03:04:13 | 000,067,312 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[5 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
[4 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[1 H:\WINDOWS\System32\drivers\*.tmp files -> H:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 23:56:48 | 000,001,717 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/26 01:16:54 | 000,002,030 | ---- | C] () -- H:\Documents and Settings\Kream\Desktop\HiJackThis.lnk
[2010/10/26 01:14:51 | 001,402,880 | ---- | C] () -- H:\Documents and Settings\Kream\Desktop\HiJackThis.msi
[2010/10/24 22:32:49 | 000,352,748 | ---- | C] () -- H:\Documents and Settings\Kream\My Documents\aaa LEDNeonFlexpricelist.pdf
[2010/10/24 02:44:32 | 000,222,902 | ---- | C] () -- H:\Documents and Settings\Kream\My Documents\AAAAAAAA Quotationofledmarinelight.pdf
[2010/10/24 02:08:26 | 000,001,739 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/21 22:57:06 | 000,069,692 | ---- | C] () -- H:\Documents and Settings\Kream\My Documents\bulb.jpg
[2010/10/11 14:25:22 | 000,949,846 | ---- | C] () -- H:\Documents and Settings\Kream\My Documents\GTECH v VBOX PB_Test.pdf
[2010/04/27 16:00:45 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Kream\Local Settings\Application Data\prvlcl.dat
[2010/04/22 22:24:11 | 000,005,224 | ---- | C] () -- H:\WINDOWS\System32\ucuiinfo.ini
[2009/08/24 00:23:34 | 000,000,073 | ---- | C] () -- H:\WINDOWS\CAMDXP.INI
[2009/07/29 17:38:24 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2009/07/28 23:36:48 | 000,000,173 | ---- | C] () -- H:\WINDOWS\KPCMS.INI
[2009/07/28 23:36:30 | 000,210,944 | ---- | C] () -- H:\WINDOWS\System32\MSVCRT10.DLL
[2009/06/29 14:42:00 | 000,000,000 | ---- | C] () -- H:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/10/13 17:57:25 | 001,105,920 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2P6.dll
[2008/10/13 17:57:24 | 001,228,800 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2M5.dll
[2008/10/13 17:57:23 | 001,294,336 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2A6.dll
[2008/10/13 17:57:23 | 001,261,568 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2M6.dll
[2008/10/13 17:57:21 | 001,052,672 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2P5.dll
[2008/10/13 17:55:39 | 000,000,002 | ---- | C] () -- H:\WINDOWS\PhotoSuite.ini
[2008/10/13 17:55:21 | 001,093,632 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2PX.dll
[2008/10/13 17:55:21 | 000,020,480 | ---- | C] () -- H:\WINDOWS\System32\MGIIpl2.dll
[2008/10/13 17:55:21 | 000,019,968 | ---- | C] () -- H:\WINDOWS\System32\CPUINF32.DLL
[2008/10/13 17:55:20 | 000,122,880 | ---- | C] () -- H:\WINDOWS\System32\JPEGLIB.DLL
[2008/10/13 17:55:20 | 000,122,880 | ---- | C] () -- H:\WINDOWS\System32\EnrouteStitch.dll
[2008/10/13 17:55:19 | 000,332,800 | ---- | C] () -- H:\WINDOWS\System32\FPXLIB.DLL
[2008/09/08 17:29:33 | 000,087,209 | ---- | C] () -- H:\WINDOWS\System32\iq012006.DLL
[2008/09/08 17:29:33 | 000,087,208 | ---- | C] () -- H:\WINDOWS\System32\iq032006.DLL
[2008/09/08 17:29:33 | 000,087,206 | ---- | C] () -- H:\WINDOWS\System32\iq022006.DLL
[2008/09/08 17:29:33 | 000,087,204 | ---- | C] () -- H:\WINDOWS\System32\iq042006.DLL
[2008/09/08 17:29:33 | 000,087,203 | ---- | C] () -- H:\WINDOWS\System32\sq022006.DLL
[2008/09/08 17:29:33 | 000,087,201 | ---- | C] () -- H:\WINDOWS\System32\sq012006.DLL
[2008/09/08 17:29:33 | 000,087,176 | ---- | C] () -- H:\WINDOWS\System32\sq042006.DLL
[2008/09/08 17:29:33 | 000,087,172 | ---- | C] () -- H:\WINDOWS\System32\sq032006.DLL
[2008/09/08 17:29:33 | 000,087,136 | ---- | C] () -- H:\WINDOWS\System32\IN993344.DLL
[2008/08/29 02:47:07 | 000,160,768 | ---- | C] () -- H:\WINDOWS\System32\unrar.dll
[2008/08/29 02:47:07 | 000,077,312 | ---- | C] () -- H:\WINDOWS\System32\UNACEV2.DLL
[2008/07/13 18:49:18 | 000,000,259 | ---- | C] () -- H:\WINDOWS\REMOTE~1.INI
[2008/03/24 10:05:54 | 001,936,528 | ---- | C] () -- H:\WINDOWS\System32\ltmm15.dll
[2008/03/08 00:49:19 | 000,056,320 | ---- | C] () -- H:\Documents and Settings\Kream\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 18:42:04 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI
[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- H:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 05:14:48 | 000,010,752 | ---- | C] () -- H:\WINDOWS\System32\ff_vfw.dll
[2007/01/25 13:31:36 | 000,057,395 | ---- | C] () -- H:\WINDOWS\System32\pthreadVC.dll
[2005/04/15 12:18:56 | 000,485,376 | ---- | C] () -- H:\WINDOWS\System32\DrRw40.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- H:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/24 00:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AltiumDesignerSummer09_Viewer
[2009/08/24 00:21:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AltiumDesignerSummer09_ViewerSecurity
[2010/10/28 01:30:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\avg9
[2008/04/16 00:23:30 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/13 10:07:45 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/09/07 20:39:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/09 23:52:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/20 13:06:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/09 17:50:35 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/08 12:47:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\.oit
[2008/03/09 23:55:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\acccore
[2009/08/24 00:37:02 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\AltiumDesignerSummer09_Viewer
[2010/04/22 18:08:10 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\AMS
[2009/11/27 23:57:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\BitTorrent
[2008/04/18 01:27:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\CDRoller
[2009/06/29 14:43:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\EDrawings
[2008/07/25 18:25:33 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Endicia
[2010/06/12 13:35:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Facebook
[2008/03/24 10:05:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\GetRightToGo
[2008/03/08 00:31:22 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\GlobalSCAPE
[2008/06/04 16:20:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\IQS
[2008/12/13 10:05:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Juniper Networks
[2009/08/23 23:17:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\PentaLogix
[2009/06/26 12:36:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\PGP
[2008/04/13 11:24:46 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\Viewpoint
[2009/03/14 17:52:15 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Kream\Application Data\VOWSoft

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10/28/2010 11:48:51 AM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = H:\Documents and Settings\Kream\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): H:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 149.04 Gb Total Space | 66.76 Gb Free Space | 44.79% Space Free | Partition Type: NTFS
Drive I: | 3.78 Gb Total Space | 1.93 Gb Free Space | 50.94% Space Free | Partition Type: FAT32

Computer Name: KREAM-MACHINE | User Name: Kream | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "H:\PROGRA~1\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "H:\PROGRA~1\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "H:\PROGRA~1\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [UnzipThemAll] -- "H:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"H:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = H:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"H:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = H:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"H:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = H:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"H:\Program Files\Common Files\AOL\1205121144\ee\aolsoftware.exe" = H:\Program Files\Common Files\AOL\1205121144\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"H:\Program Files\Common Files\AOL\Loader\aolload.exe" = H:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"H:\Program Files\Common Files\AOL\1205121144\ee\AOLDesktop.exe" = H:\Program Files\Common Files\AOL\1205121144\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"H:\Documents and Settings\Kream\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = H:\Documents and Settings\Kream\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"H:\Program Files\BitTorrent\bittorrent.exe" = H:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"H:\Program Files\TinCam\TinCam.exe" = H:\Program Files\TinCam\TinCam.exe:*:Enabled:TinCam -- ()
"H:\Program Files\Messenger\msmsgs.exe" = H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"H:\Program Files\Mozilla Firefox\firefox.exe" = H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\Program Files\AOL 9.1\waol.exe" = H:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"H:\Program Files\Common Files\AOL\System Information\sinf.exe" = H:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"H:\Program Files\Altium Designer S09 Viewer\dxp.exe" = H:\Program Files\Altium Designer S09 Viewer\dxp.exe:*:Enabled:dxp -- ()
"H:\Program Files\trademanager\AliIM.exe" = H:\Program Files\trademanager\AliIM.exe:*:Enabled:AliIM -- File not found
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"H:\WINDOWS\system32\spoolsv.exe" = H:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26916F85-3DB5-4848-A2F2-BC0E442A6BC8}" = ViewMate 10.6
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E51D9B6-2366-40FD-9E96-3D34A2C3F34A}" = MYRIAD 8.1
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E5FFD30-9EF9-4756-96C7-09F8FCFAD8D2}_is1" = TinCam 1.06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B881BCE-EDBF-4188-BA54-C9E03669E9E4}_is1" = Easy Photo Recovery
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B142B87D-5524-49D0-A385-E8B59CF5C69B}" = Altium Designer Summer 09 Viewer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B72231BD-C86D-4FEF-BCD7-98832EC223E4}" = Alta Star FAR Forms
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E217DFDD-C483-4736-821B-E3C10D21F67D}" = Recover Disc 2.0
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F3D16C1B-4084-4764-BEEC-7C24428D8AAD}" = SolidWorks eDrawings 2009
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar for Firefox" = AOL Toolbar for Firefox
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDRoller_is1" = CDRoller version 7.50
"DAZzle" = DAZzle
"eMachineShop" = eMachineShop
"FreeKapture 2.00 - Freeware_is1" = FreeKapture 2.00 - Freeware
"GerbMagic_is1" = GerbMagic Version 3.6
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.4
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PicaLoader" = PicaLoader 1.7.1
"Picasa2" = Picasa 2
"Replay_Converter_1" = Replay Converter 2.8
"ScanMaker 3630" = ScanMaker 3630
"ScanModule V5.1" = ScanModule V5.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery v3.2
"UnzipThemAll_is1" = UnzipThemAll 1.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0
"WM Recorder 12.1" = WM Recorder 12.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"78601cde3e748eeb" = IQS
"BitTorrent" = BitTorrent
"Facebook Plug-In" = Facebook Plug-In
"Juniper_Networks_Cache_Cleaner 5.5.0" = Juniper Networks Cache Cleaner 5.5.0
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2010 10:38:25 AM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 1.0.0.112, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/28/2010 11:21:17 PM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/29/2010 9:04:07 AM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3846, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2010 10:33:42 AM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3846, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/18/2010 1:32:54 PM | Computer Name = KREAM-MACHINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/18/2010 1:32:54 PM | Computer Name = KREAM-MACHINE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/19/2010 9:17:05 PM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2010 3:57:14 PM | Computer Name = KREAM-MACHINE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see H:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 9/12/2010 2:25:58 AM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 10:39:56 PM | Computer Name = KREAM-MACHINE | Source = Application Hang | ID = 1002
Description = Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/28/2010 1:57:52 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 1:57:54 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 1:58:42 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 1:58:44 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 1:59:45 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 1:59:45 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 2:06:30 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 2:06:31 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 3:00:35 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.

Error - 10/28/2010 3:00:36 AM | Computer Name = KREAM-MACHINE | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library Generic USB MS
Reader USB Device.


< End of report >
treeman
Active Member
 
Posts: 3
Joined: October 26th, 2010, 1:21 am

Re: Firefox and IE are both redirecting to random sites.

Post by askey127 » October 29th, 2010, 6:32 am

treeman,
By changing your router password, you should not have the problem again.
You should be OK now.
However:
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to all your Internet activities, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
------------------------------------------------------
Also, your present user is still showing an installation of BitTorrent. If you can see it, I would Uninstall it.
Stay away from P2P programs, or you won't have a good PC very long. (By the way, Limewire was just shut down by the courts).


If you would like some extra security (This is for Windows XP):
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
You can read about HOSTS files here : http://www.mvps.org/winhelp2002/hosts.htm

  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
    From Start, or Start, Run
    Type services.msc in the box and hit <Enter>
    Give permission to continue if necessary.
    Scroll down to DNS Client on the list, Right Click it and choose Properties.
    Under Service Status, click Stop. Wait until it reports the service stopped.
    Under Startup Type, choose Disabled.
    Then click Apply, OK

  • Use HostsXpert to Install the HOSTS File
    Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
    • In the bottom half of the left pane, click on File Handling
    • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
    • Click the third button from the bottom, labeled Download. A couple of new buttons will appear at the top.
    • Click on the top button labeled MVPs Hosts and choose Replace
    • When asked to verify if you want to Replace present Hosts file, click OK.
    • When it finishes, click on File Handling again.
    • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
    • Hit the X in the upper right corner to exit HostsXpert

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
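
An added example, not part of either post and not OTL's own code: a small Python triage of the "Authorized Applications List" firewall exceptions from the log above, which is where the LimeWire and BitTorrent entries mentioned in the reply appear. The flag names and the rules behind them (stale, no-vendor, user-writable, p2p) are assumptions chosen for illustration; the sample lines are copied from the log.

```python
import re

# Lines copied from the "Authorized Applications List" (StandardProfile) in the log above.
SAMPLE = r'''
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"H:\Documents and Settings\Kream\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = H:\Documents and Settings\Kream\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"H:\Program Files\BitTorrent\bittorrent.exe" = H:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"H:\Program Files\TinCam\TinCam.exe" = H:\Program Files\TinCam\TinCam.exe:*:Enabled:TinCam -- ()
"H:\Program Files\Mozilla Firefox\firefox.exe" = H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
'''

LINE = re.compile(r'^"(?P<path>[^"]+)" = (?P<value>.+) -- (?P<vendor>.*)$')
P2P_NAMES = {"limewire", "bittorrent"}  # assumption: only the two P2P clients named in this thread


def parse_rule(line):
    """Split one log line into path, scope, status, name and vendor; None if it is not a rule."""
    m = LINE.match(line.strip())
    if not m or not m["value"].startswith(m["path"] + ":"):
        return None
    # The path contains a drive-letter colon, so cut the path off before splitting on ":".
    scope, status, name = m["value"][len(m["path"]) + 1:].split(":", 2)
    return {"path": m["path"], "scope": scope, "enabled": status.lower() == "enabled",
            "name": name, "vendor": m["vendor"].strip()}


def triage(rule):
    """Return the review flags (illustrative heuristics) for one enabled firewall exception."""
    flags = []
    if not rule["enabled"]:
        return flags
    if rule["vendor"] == "File not found":
        flags.append("stale")          # the exception outlived the program it was made for
    elif rule["vendor"] in ("()", ""):
        flags.append("no-vendor")      # vendor field is empty in the log
    if "\\documents and settings\\" in rule["path"].lower():
        flags.append("user-writable")  # binary sits inside a user profile
    if rule["name"].lower() in P2P_NAMES:
        flags.append("p2p")
    return flags


def review(text):
    """Map program name -> flags for every rule that deserves a second look."""
    out = {}
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and (flags := triage(rule)):
            out[rule["name"]] = flags
    return out


if __name__ == "__main__":
    for name, flags in review(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

A "stale" exception is worth deleting rather than ignoring, because the rule stays bound to that path after the program is gone.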

Re: Firefox and IE are both redirecting to random sites.

Post by askey127 » November 1st, 2010, 8:54 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.