Browser redirects to Google (flyingincognitosleep)


This topic is locked
19 replies to this topic

#16 EricktheTwin (Authentic Member, 20 posts)

Posted 23 December 2010 - 09:12 AM

Actually, the computer appears to be running fine now. :thumbup:
OTL logfile created on: 12/23/2010 8:04:14 AM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Erick\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 129.93 Gb Free Space | 45.85% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.84 Gb Free Space | 46.69% Space Free | Partition Type: NTFS

Computer Name: ERICK | User Name: Erick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Erick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Erick\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FastUserSwitchingCompatibility) -- C:\Windows\SysNative\FastUv32.dll File not found
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe ()
SRV:64bit: - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys ()
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys ()
DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys ()
DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fluidanims.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.fluidanim...ch_id=egosearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49469

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://forums.whatth...owtopic=116178"
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49469
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/14 19:57:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/17 16:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/21 17:37:53 | 000,000,000 | ---D | M]

[2010/08/11 18:57:35 | 000,000,000 | ---D | M] -- C:\Users\Erick\AppData\Roaming\Mozilla\Extensions
[2010/12/22 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\t596yewn.default\extensions
[2010/12/22 16:20:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\t596yewn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 17:39:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\t596yewn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/25 00:46:46 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\t596yewn.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/09/25 00:46:46 | 000,002,267 | ---- | M] () -- C:\Users\Erick\AppData\Roaming\Mozilla\Firefox\Profiles\t596yewn.default\searchplugins\bing-zugo.xml
[2010/12/21 17:38:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/21 17:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/21 17:37:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/21 17:45:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Erick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames...ctivex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Erick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Erick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 17:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/12/21 20:03:03 | 000,000,000 | ---D | C] -- C:\Users\Erick\Desktop\gmer
[2010/12/21 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\Erick\Desktop\tdsskiller
[2010/12/21 17:40:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/21 17:37:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/21 17:37:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/21 17:37:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/21 17:28:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Erick\Desktop\OTL.exe
[2010/12/20 22:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/12/20 13:57:09 | 000,000,000 | ---D | C] -- C:\Users\Erick\AppData\Roaming\PeerNetworking
[2010/12/20 08:10:11 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/15 13:25:04 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 13:25:04 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 18:40:43 | 000,000,000 | ---D | C] -- C:\Users\Erick\AppData\Local\AVG Security Toolbar
[2010/12/14 18:11:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/12/14 17:04:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/14 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/14 17:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/14 17:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/12/14 16:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/14 16:12:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/14 16:12:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/12/14 16:12:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/14 16:12:42 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/14 16:12:41 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/14 16:12:41 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/12/14 16:12:40 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/14 16:12:40 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/12/14 16:12:40 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/14 16:12:40 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/12/14 16:12:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/12/13 21:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/12 11:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\ZalmanFrisbee
[2010/12/09 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi(35)
[2010/11/27 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/25 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Erick\Desktop\RSBE(BalancedBrawl)

========== Files - Modified Within 30 Days ==========

[2010/12/23 08:01:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 08:01:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/23 08:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/23 08:01:06 | 4255,502,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 17:27:03 | 002,672,312 | ---- | M] () -- C:\Users\Erick\Desktop\esetsmartinstaller_enu.exe
[2010/12/21 17:37:02 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/12/21 17:37:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/21 17:37:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/21 17:37:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/21 17:29:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Erick\Desktop\OTL.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/20 13:57:09 | 000,020,373 | ---- | M] () -- C:\Users\Erick\AppData\Roaming\UserTile.png
[2010/12/20 08:25:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/12/20 08:11:26 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/20 08:11:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/12/16 11:52:36 | 002,936,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/16 11:48:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\ia6hhV345.dat
[2010/12/14 20:28:44 | 000,000,732 | ---- | M] () -- C:\Users\Erick\AppData\Local\d3d9caps64.dat
[2010/12/14 20:16:24 | 516,686,667 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/03 18:00:01 | 000,005,097 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2010/11/27 20:32:07 | 000,000,552 | ---- | M] () -- C:\Users\Erick\AppData\Local\d3d8caps.dat
[2010/11/25 11:24:48 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/25 11:24:48 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/25 11:24:48 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/12/22 17:26:17 | 002,672,312 | ---- | C] () -- C:\Users\Erick\Desktop\esetsmartinstaller_enu.exe
[2010/12/20 13:57:09 | 000,020,373 | ---- | C] () -- C:\Users\Erick\AppData\Roaming\UserTile.png
[2010/12/20 08:11:26 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/20 08:10:28 | 000,421,092 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistMSI08C4.txt
[2010/12/20 08:10:18 | 000,015,874 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistUI08C4.txt
[2010/12/15 13:25:13 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/12/15 13:25:05 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2010/12/15 13:25:04 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 13:25:04 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 13:25:04 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 13:25:04 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2010/12/15 13:07:50 | 4255,502,336 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/14 16:12:55 | 000,367,104 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 16:12:55 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/12/14 16:12:55 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 16:12:49 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2010/12/14 16:12:46 | 005,693,440 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/12/14 16:12:45 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/12/14 16:12:44 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/12/14 16:12:43 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/12/14 16:12:41 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/12/14 16:12:41 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/12/14 16:12:41 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/12/14 16:12:40 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/12/14 16:12:40 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/12/14 16:12:40 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/12/14 16:12:40 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/12/14 16:12:40 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/12/14 16:12:40 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/12/14 16:12:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/12/14 16:12:40 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/12/14 16:12:40 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/12/14 16:12:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/12/14 16:11:12 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/12/13 21:26:20 | 000,420,354 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistMSI4701.txt
[2010/12/13 21:26:13 | 000,011,646 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistUI4701.txt
[2010/12/03 15:14:10 | 000,000,112 | ---- | C] () -- C:\ProgramData\ia6hhV345.dat
[2010/11/27 20:32:07 | 000,000,552 | ---- | C] () -- C:\Users\Erick\AppData\Local\d3d8caps.dat
[2010/10/17 12:29:53 | 000,335,154 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistMSI46EB.txt
[2010/10/17 12:29:52 | 000,011,238 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistUI46EB.txt
[2010/07/31 23:26:11 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0983891305.sys
[2010/07/31 23:26:10 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/23 19:55:50 | 000,569,032 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistMSI5CCC.txt
[2010/07/23 19:55:49 | 000,015,076 | ---- | C] () -- C:\Users\Erick\AppData\Local\dd_vcredistUI5CCC.txt
[2009/12/09 17:08:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/24 21:33:43 | 000,000,732 | ---- | C] () -- C:\Users\Erick\AppData\Local\d3d9caps64.dat
[2009/08/15 18:01:39 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\0513898309.sys
[2009/08/15 18:01:35 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/05/23 23:10:42 | 000,029,184 | ---- | C] () -- C:\Users\Erick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/22 10:46:41 | 000,006,080 | ---- | C] () -- C:\Users\Erick\AppData\Local\d3d9caps.dat
[2009/05/22 10:07:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/01 21:20:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2008/07/01 21:20:16 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\COMSocketServer.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/10/14 02:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/10/14 02:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005/10/14 02:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005/10/14 02:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005/10/14 02:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005/10/14 02:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005/10/14 02:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005/10/14 02:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2005/05/08 16:56:00 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2003/04/11 12:14:14 | 000,005,827 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >
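The report above is what the helpers read by hand to decide whether the redirect has a local cause. As an added illustration, not part of this thread or of OTL itself, the script below scans OTL-format lines for the settings that usually explain a redirect: an IE or Firefox proxy pointing at loopback (note the log shows `ProxyServer = http=127.0.0.1:49469` with `ProxyEnable = 0`, a disabled leftover rather than an active proxy), a changed Firefox `keyword.URL`, hosts-file entries that pin a name to a non-loopback address, and "File not found" orphans. The sample lines are constructed in OTL's line formats and modelled on the log above; the `www.example.com` hosts entry is invented to exercise the hosts check. The line-format regexes are assumptions from the log as posted, not a documented OTL grammar.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in OTL's own line formats, modelled on the log posted
# above. The www.example.com hosts entry is invented to exercise the
# hosts-file check; everything else mirrors lines that appear in the report.
SAMPLE_OTL = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49469
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49469
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.example.com
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
'''

# Line formats as they appear in the posted log (assumed, not an official grammar).
IE_RE = re.compile(r'^IE(?::64bit:)? - .*: "(?P<name>[^"]+)" = (?P<val>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[^:]+): (?P<val>.*)$')
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _proxy_host(value: str) -> str:
    """'http=127.0.0.1:49469' -> '127.0.0.1'; '127.0.0.1' -> '127.0.0.1'."""
    return value.split("=")[-1].split(":")[0].strip().lower()


def analyze_otl(text: str) -> List[Finding]:
    """Scan OTL report lines for settings that commonly explain browser redirects."""
    findings: List[Finding] = []
    ie_proxy_enabled: Optional[bool] = None
    ie_proxy_line: Optional[str] = None
    ff_proxy_type: Optional[int] = None
    ff_proxy_line: Optional[str] = None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = IE_RE.match(line)
        if m:
            name, val = m.group("name"), m.group("val").strip()
            if name == "ProxyEnable":
                ie_proxy_enabled = (val == "1")
            elif name == "ProxyServer" and _proxy_host(val) in LOOPBACK:
                ie_proxy_line = line
            continue

        m = FF_RE.match(line)
        if m:
            pref, val = m.group("pref"), m.group("val").strip().strip('"')
            if pref == "network.proxy.type":
                ff_proxy_type = int(val)
            elif pref == "network.proxy.http" and _proxy_host(val) in LOOPBACK:
                ff_proxy_line = line
            elif pref == "keyword.URL":
                findings.append(Finding("medium", "address-bar searches go through a non-default keyword.URL", line))
            continue

        if line.startswith("O1 - Hosts:"):
            parts = line.split(":", 1)[1].split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append(Finding("medium", f"hosts file pins {parts[1]} to {parts[0]}", line))
            continue

        if line.endswith("File not found"):
            findings.append(Finding("low", "orphaned entry: registered file is missing", line))

    # A proxy on loopback is how a local redirector sits between the browser and
    # the network. It matters most when the browser is actually told to use it
    # (IE ProxyEnable=1, Firefox network.proxy.type=1); otherwise it is a
    # leftover that still deserves cleaning up.
    if ie_proxy_line:
        findings.append(Finding("high" if ie_proxy_enabled else "medium",
                                "IE proxy points at loopback" + (" and is enabled" if ie_proxy_enabled else " (disabled leftover)"),
                                ie_proxy_line))
    if ff_proxy_line:
        active = ff_proxy_type == 1
        findings.append(Finding("high" if active else "medium",
                                "Firefox HTTP proxy points at loopback" + (" and is enabled" if active else " (disabled leftover)"),
                                ff_proxy_line))
    return findings


def highest_severity(findings: List[Finding]) -> Optional[str]:
    """Worst severity present, or None when the report is clean."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default=None)


if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports five findings, none of them high: both proxy entries are flagged only as leftovers because `ProxyEnable` is 0 and `network.proxy.type` is 0, which matches the helpers' conclusion that the machine is no longer redirecting. Feed it a report where the proxy is enabled and the same lines come back as high.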



#17 mowman (SuperMember, Malware Team, 2,669 posts)

Posted 23 December 2010 - 05:31 PM

You appear clean of infections, please do the following.

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Here are some recommendations to help you stay clean.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com/

Make sure you are running a FIREWALL. The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.
Please read this article 'Safe Computing Practices'.
So how did I get infected in the first place?

Please take a moment to read quietman7's excellent prevention tips in post 3 here.
Click >>>> Tips to protect yourself against malware and reduce the potential for re-infection:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

That's it, you are good to go. Safe surfing.

#18 EricktheTwin (Authentic Member, 20 posts)

Posted 23 December 2010 - 07:11 PM

Thank you very much mowman. I greatly appreciate the help I was given. :notworthy:

#19 mowman (SuperMember, Malware Team, 2,669 posts)

Posted 23 December 2010 - 07:26 PM

You're welcome, glad we could help :)

#20 mowman (SuperMember, Malware Team, 2,669 posts)

Posted 23 December 2010 - 07:43 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else, please follow the instructions here http://forums.whatth...ed_t106388.html and start a New Topic.
