Hey guys, I'm new here and only partially savvy to these kinds of things, but I digress.

So I've been hit by what I've seen referred to as the google redirect trojan. Randomly, on just about any website I visit out there, when I click a link it'll bring up a pop-up that redirects me to google, if anything at all. Or if I go to google, any search I do redirects me to some result5.google.whatever site, which is more adware or whatever. I know some of you have been hit by it before, and it's super annoying, and it seems to be a tough thing to get rid of.

I've tried removing it on both Malware Bytes and Spyware Doctor as well as trying to clean up my registry and still it exists. And I believe it's what's preventing me from even attempting a System Restore, because that won't work either.

So I just did a quick scan on malware bytes, and it says it found nothing (this is probably like the sixth scan I've done since I was attacked, but I still do them anyway).

The mbam log is as follows:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4169

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

05/06/2010 4:38:43 PM

mbam-log-2010-06-05 (16-38-43).txt

Scan type: Quick scan

Objects scanned: 137317

Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And after doing a Hijack This log, this is what I get:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:44:23 PM, on 05/06/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

C:\Users\Neil\Program Files (x86)\DNA\btdna.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

C:\Program Files (x86)\Spyware Doctor\pctsTray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Live! Central] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Neil\Program Files (x86)\DNA\btdna.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: *.juno.com

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - (no file)

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - (no file)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Development Company, L.P. - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - (no file)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - (no file)

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - (no file)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - (no file)

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - (no file)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - (no file)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - (no file)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - (no file)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - (no file)

--

End of file - 11480 bytes

Now I don't totally know what I'm looking for here, and this is why I'm now here, at the mercy of you crazy malware bytes experts. Please send help.

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Since you are using a 64 bit version of Windows, I want to take a different approach here.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.


So I burned the cd, and booted correctly. When I double click OTLPE, it prompts me to browse for folder (and I don't see any option to check or uncheck anything called "Automatically load all users"). I choose C:/ because I assume that's what I want, and when I try, it says Target is not Windows 2000 or later.

Am I not supposed to be searching for C:/?


Ah, there we go!

OTL logfile created on: 6/9/2010 8:38:40 AM - Run

OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE

64bit-Windows Vista Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.41 Gb Total Space | 18.49 Gb Free Space | 8.39% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.88% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 00:42:43 | 000,000,000 | ---D | M] [On_Demand] -- C:\Windows\System32\Msdtc -- (MSDTC)

SRV:64bit: - [2008/12/12 13:35:46 | 006,554,752 | ---- | M] (Microsoft Corporation) [On_Demand] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2008/12/12 13:35:36 | 000,285,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\netlogon.dll -- (Netlogon)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2006/11/02 07:17:46 | 000,028,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\keyiso.dll -- (KeyIso)

SRV:64bit: - [2006/11/02 02:38:28 | 000,055,846 | ---- | M] () [On_Demand] -- C:\Windows\System32\wbem\vss.mof -- (VSS)

SRV - [2010/04/29 17:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/21 18:53:31 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)

SRV - [2010/03/15 13:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2010/03/11 13:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2010/01/22 11:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2008/09/24 21:08:26 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)

SRV - [2008/09/24 21:08:26 | 000,116,096 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)

SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/07/27 14:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2006/11/02 09:34:14 | 000,000,000 | ---D | M] [On_Demand] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 02:35:15 | 000,060,994 | ---- | M] () [On_Demand] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 02:35:15 | 000,055,846 | ---- | M] () [On_Demand] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 17:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/03/29 12:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\PCTCore64.sys -- (PCTCore)

DRV:64bit: - [2010/01/25 08:09:36 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandgps64.sys -- (AndGps)

DRV:64bit: - [2010/01/25 08:09:34 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lganddiag64.sys -- (AndDiag)

DRV:64bit: - [2010/01/25 08:09:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandmodem64.sys -- (ANDModem)

DRV:64bit: - [2010/01/25 08:09:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandbus64.sys -- (Andbus)

DRV:64bit: - [2010/01/21 04:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2010/01/21 04:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2010/01/21 04:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2009/06/15 20:03:00 | 000,331,008 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\V0380Vid.sys -- (V0380Vid)

DRV:64bit: - [2008/10/18 19:04:15 | 000,020,536 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)

DRV:64bit: - [2008/10/18 19:04:15 | 000,020,536 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)

DRV:64bit: - [2008/10/18 19:04:15 | 000,018,488 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)

DRV:64bit: - [2008/09/19 20:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTSTOR64.sys -- (RTSTOR)

DRV:64bit: - [2008/09/11 07:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/09/04 13:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2008/08/28 19:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2008/08/14 06:18:54 | 008,029,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/08/12 18:50:48 | 000,159,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2008/08/06 12:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/07/15 04:20:42 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/06/19 21:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/01/20 22:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2008/01/20 22:50:35 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)

DRV:64bit: - [2008/01/20 22:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)

DRV:64bit: - [2008/01/20 22:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2008/01/20 22:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)

DRV:64bit: - [2008/01/20 22:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)

DRV:64bit: - [2008/01/20 22:47:04 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV:64bit: - [2008/01/20 22:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV:64bit: - [2008/01/20 22:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)

DRV:64bit: - [2008/01/20 22:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Boot] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)

DRV:64bit: - [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)

DRV:64bit: - [2008/01/20 22:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)

DRV:64bit: - [2008/01/20 22:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)

DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v64.sys -- (NETw3v64) Intel®

DRV:64bit: - [2008/01/20 22:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)

DRV:64bit: - [2008/01/20 22:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)

DRV:64bit: - [2008/01/20 22:46:56 | 000,146,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G6032E.sys -- (E1G60) Intel®

DRV:64bit: - [2008/01/20 22:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2008/01/20 22:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)

DRV:64bit: - [2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)

DRV:64bit: - [2008/01/20 22:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)

DRV:64bit: - [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)

DRV:64bit: - [2008/01/20 22:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)

DRV:64bit: - [2008/01/20 22:46:53 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV:64bit: - [2008/01/20 22:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)

DRV:64bit: - [2008/01/20 22:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)

DRV:64bit: - [2008/01/20 22:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\arc.sys -- (arc)

DRV:64bit: - [2008/01/20 22:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)

DRV:64bit: - [2008/01/20 22:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2007/02/05 20:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)

DRV:64bit: - [2006/11/02 08:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)

DRV:64bit: - [2006/11/02 08:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)

DRV:64bit: - [2006/11/02 08:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)

DRV:64bit: - [2006/11/02 08:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)

DRV:64bit: - [2006/11/02 08:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)

DRV:64bit: - [2006/11/02 08:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)

DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)

DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)

DRV:64bit: - [2006/11/02 07:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)

DRV:64bit: - [2006/11/02 07:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)

DRV:64bit: - [2006/11/02 07:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)

DRV:64bit: - [2006/11/02 04:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV:64bit: - [2006/11/02 01:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2006/09/19 07:42:33 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV:64bit: - [2006/09/18 17:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV:64bit: - [2006/09/18 17:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV:64bit: - [2006/09/18 17:30:15 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV:64bit: - [2006/09/18 17:30:15 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2008/01/20 22:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)

DRV - [2006/09/18 17:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2006/09/18 17:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Mcx1_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\Mcx1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\Mcx1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Neil_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKU\Neil_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\Neil_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Neil_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/06/06 22:55:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKU\Neil_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Live! Central] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\Mcx1_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\Neil_ON_C..\Run: [bitTorrent DNA] C:\Users\Neil\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKU\Neil_ON_C..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15:64bit: - .DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15:64bit: - Mcx1_ON_C\..Trusted Ranges: Range1 ([http] in )

O15:64bit: - Neil_ON_C\..Trusted Domains: juno.com ([]* in Trusted sites)

O15:64bit: - Neil_ON_C\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\Mcx1_ON_C Winlogon: Shell - (C:\Windows\eHome\McrMgr.exe) - C:\Windows\ehome\McrMgr.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/08 19:31:32 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Users\Neil\Desktop\OTLPENet.exe

[2010/06/06 22:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5

[2010/06/06 22:31:07 | 006,591,296 | ---- | C] (SurfRight B.V.) -- C:\Users\Neil\Desktop\HitmanPro35_x64.exe

[2010/06/06 22:28:21 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Local\Downloaded Installations

[2010/06/06 22:28:06 | 011,747,656 | ---- | C] (ParetoLogic ) -- C:\Users\Neil\Desktop\Pareto_AV_Setup_RW.exe

[2010/06/06 22:25:01 | 000,000,000 | ---D | C] -- C:\05e803dca17095dad94da6a792e8

[2010/06/06 22:20:59 | 007,538,960 | ---- | C] (Microsoft Corporation) -- C:\Users\Neil\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe

[2010/06/05 07:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegTweaker

[2010/06/04 20:03:13 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll

[2010/06/04 20:03:12 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll

[2010/06/04 20:03:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2010/06/04 19:45:14 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi64.sys

[2010/06/04 19:45:14 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter64.sys

[2010/06/04 19:45:09 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore64.sys

[2010/06/04 19:45:07 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg64.sys

[2010/06/04 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor

[2010/06/04 19:44:59 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\PC Tools

[2010/06/04 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2010/06/04 19:37:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

========== Files - Modified Within 30 Days ==========

[2010/06/08 19:39:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/08 19:39:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/08 19:39:06 | 003,424,091 | -H-- | M] () -- C:\Users\Neil\AppData\Local\IconCache.db

[2010/06/08 19:33:34 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Users\Neil\Desktop\OTLPENet.exe

[2010/06/06 22:33:17 | 000,019,016 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/06/06 22:31:31 | 006,591,296 | ---- | M] (SurfRight B.V.) -- C:\Users\Neil\Desktop\HitmanPro35_x64.exe

[2010/06/06 22:30:01 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/06 22:30:01 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/06 22:30:01 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/06 22:28:09 | 011,747,656 | ---- | M] (ParetoLogic ) -- C:\Users\Neil\Desktop\Pareto_AV_Setup_RW.exe

[2010/06/06 22:23:16 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/06 22:21:01 | 007,538,960 | ---- | M] (Microsoft Corporation) -- C:\Users\Neil\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe

[2010/06/06 21:47:42 | 000,293,376 | ---- | M] () -- C:\Users\Neil\Desktop\xs04h5hh.exe

[2010/06/06 21:06:54 | 000,384,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/06 13:10:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/06 13:10:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/06 11:07:45 | 000,100,864 | ---- | M] () -- C:\Users\Neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/05 18:33:10 | 000,096,656 | ---- | M] () -- C:\Users\Neil\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/05/27 20:09:19 | 000,000,680 | ---- | M] () -- C:\Users\Neil\AppData\Local\d3d9caps.dat

[2010/05/24 14:44:06 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI

[2010/05/13 21:04:55 | 000,023,570 | ---- | M] () -- C:\Users\Neil\Desktop\GetAttachment.aspx.jpg

========== Files Created - No Company Name ==========

[2010/06/06 22:33:17 | 000,019,016 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/06/06 21:47:39 | 000,293,376 | ---- | C] () -- C:\Users\Neil\Desktop\xs04h5hh.exe

[2010/06/04 20:21:49 | 000,333,900 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistMSI7267.txt

[2010/06/04 20:21:48 | 000,011,170 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI7267.txt

[2010/06/04 20:21:48 | 000,010,550 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI7268.txt

[2010/06/04 20:03:13 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2010/06/04 20:03:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml

[2010/06/04 20:03:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml

[2010/06/04 20:03:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip

[2010/06/04 20:03:12 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip

[2010/06/04 19:45:14 | 000,007,357 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi64.cat

[2010/06/04 19:45:09 | 000,007,353 | ---- | C] () -- C:\Windows\System32\drivers\pctcore64.cat

[2010/06/04 19:45:07 | 000,007,353 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg64.cat

[2010/06/04 19:45:01 | 000,010,598 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI5640.txt

[2010/06/04 19:45:00 | 000,334,274 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistMSI563C.txt

[2010/06/04 19:45:00 | 000,011,186 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI563C.txt

[2010/05/24 14:44:06 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010/05/13 21:04:25 | 000,023,570 | ---- | C] () -- C:\Users\Neil\Desktop\GetAttachment.aspx.jpg

[2010/04/14 21:26:46 | 000,403,436 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistMSI1337.txt

[2010/04/14 21:26:36 | 000,011,462 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI1337.txt

[2010/03/11 12:36:12 | 000,423,104 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistMSI1CBE.txt

[2010/03/11 12:36:12 | 000,011,362 | ---- | C] () -- C:\Users\Neil\AppData\Local\dd_vcredistUI1CBE.txt

[2010/02/08 21:11:21 | 000,000,680 | ---- | C] () -- C:\Users\Neil\AppData\Local\d3d9caps.dat

[2010/02/02 09:09:26 | 135,558,563 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab

[2010/02/02 09:09:06 | 010,177,536 | ---- | C] () -- C:\Program Files (x86)\openofficeorg32.msi

[2010/02/01 19:27:28 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini

[2009/11/14 15:39:16 | 000,000,732 | ---- | C] () -- C:\Users\Neil\AppData\Local\d3d9caps64.dat

[2009/10/04 11:28:53 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009/10/04 10:14:04 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI

[2009/10/04 04:19:01 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll

[2009/05/30 11:41:01 | 000,100,864 | ---- | C] () -- C:\Users\Neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/05/30 00:45:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/05/29 23:13:53 | 000,000,000 | ---- | C] () -- C:\Users\Neil\AppData\Local\QSwitch.txt

[2009/05/29 23:13:53 | 000,000,000 | ---- | C] () -- C:\Users\Neil\AppData\Local\DSwitch.txt

[2009/05/29 23:13:53 | 000,000,000 | ---- | C] () -- C:\Users\Neil\AppData\Local\AtStart.txt

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010/06/03 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\BitTorrent

[2010/06/08 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\DNA

[2010/01/17 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\EA

[2010/04/15 18:20:54 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Facebook

[2010/04/08 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\FileZilla

[2009/06/22 02:33:42 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Jasc

[2009/05/30 11:40:07 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\MusicNet

[2009/12/12 16:25:00 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\NavNet Solutions

[2010/04/14 21:32:59 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\OpenOffice.org

[2009/10/04 03:41:25 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Opera

[2009/06/30 16:32:03 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\SecondLife

[2010/01/06 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\StreamTorrent

[2009/05/30 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\WildTangent

[2010/03/11 13:18:48 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\XBMC

[2010/06/08 19:39:12 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

No malware shows up in your logs. That leaves us with a few possibilities to start researching the problem.

First of all I want to have a look at a file. Please rerun OTLPE and copy/paste the following text into the "custom scan/fix" field. Click the NONE button and then Run Scan.

Post me the resulting log.

/md5start
ws2_32.dll
/md5stop

In normal mode, please click Start > Run, type cmd and press enter.

In the command window type ipconfig /flushdns and press enter.

When done let me know if anything changed. If you are connecting to the internet through a router, make sure you reset it.

Link to post
Share on other sites

ok, so here's the new scan

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.41 Gb Total Space | 18.49 Gb Free Space | 8.39% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 12.47 Gb Total Space | 1.98 Gb Free Space | 15.88% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet001

========== Custom Scans ==========

< MD5 for: WS2_32.DLL >

[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\SysWOW64\ws2_32.dll

[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll

[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll

[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_50c1c55283d54246\ws2_32.dll

< End of report >

and when I tried to flushdns it said : Windows IP configuration

Could not flush the DNS Resolver Cache: Function Failed during execution

I assume by normal mode you mean not in safe mode?

Link to post
Share on other sites
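A triage check for the ws2_32.dll MD5 listing in the post above, as an added example that is not part of the thread and not OTL's own code: it parses the log lines and reports any System32/SysWOW64 copy whose hash matches no winsxs component-store copy. The role names, the constructed extra line, and the store-comparison heuristic are assumptions of this example; a match narrows the review but does not prove a file clean.

```python
import re
from collections import namedtuple

# Lines copied from the "< MD5 for: WS2_32.DLL >" section of the log above.
PAGE_LOG = r"""
[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_50c1c55283d54246\ws2_32.dll
"""

# Constructed line (not from the thread): a live copy with an unknown hash,
# used only to show what a flagged entry looks like.
CONSTRUCTED_TAMPERED = (
    r"[2010/06/06 13:10:46 | 000,270,000 | ---- | M] () MD5="
    + "0" * 32
    + r" -- C:\Windows\System32\ws2_32.dll"
)

Entry = namedtuple("Entry", "modified size company md5 path role")

# [date time | size | attributes | M or C] (company) MD5=<32 hex> -- path
LINE_RE = re.compile(
    r"^\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| [MC]\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def classify(path):
    """Assign a role to a file by where it lives (labels are this example's)."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"      # component store copy
    if "\\softwaredistribution\\" in p:
        return "download"   # staged Windows Update payload
    parent = p.rsplit("\\", 1)[0]
    if parent.endswith(("\\system32", "\\syswow64")):
        return "live"       # copy the loader actually uses
    return "other"


def parse_md5_section(text):
    """Turn OTL MD5 custom-scan lines into Entry records; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            modified=m["modified"],
            size=int(m["size"].replace(",", "")),
            company=m["company"],
            md5=m["md5"].upper(),
            path=m["path"],
            role=classify(m["path"]),
        ))
    return entries


def unbacked_live_copies(entries):
    """Live copies whose MD5 matches no component-store copy in the same log."""
    store_hashes = {e.md5 for e in entries if e.role == "store"}
    return [e for e in entries if e.role == "live" and e.md5 not in store_hashes]


if __name__ == "__main__":
    for label, text in (("thread log", PAGE_LOG),
                        ("thread log + constructed line",
                         PAGE_LOG + CONSTRUCTED_TAMPERED + "\n")):
        suspects = unbacked_live_copies(parse_md5_section(text))
        print(f"{label}: {len(suspects)} live copy/copies without a store match")
        for e in suspects:
            print(f"  {e.md5}  {e.size} bytes  {e.path}")
```
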

That is strange. Please let me know how you are connected to the internet.

Well, most of the time I connect wirelessly through my router, but I haven't been able to, I suspect because of the virus, so now, and I find this strange, I have a hard wired connection to my computer, but still coming from my laptop.

When I tried to connect to my regular wireless network, the network finder just simply could not find any networks. This never happens, so I assumed it was the virus. I disabled the wifi on my laptop and restarted it, same problem. I didn't bother to reset my router or laptop, but I'm still pretty sure it's the virus.

Also, just thinking about it now, when I open my command prompt, the default location it opens to is B:\Documents and Settings\Default User\Desktop

and that's where I'm trying to execute the flush, should I maybe be trying it under a different directory?

Link to post
Share on other sites

Please try to reset the router. Malware is quite capable of messing with router settings.

Also, please check the following. Click Start, type services.msc and press enter. Scroll down to the DHCP service and check it is set to start automatically and is indeed running.

Link to post
Share on other sites

For now I've taken my router out of the chain completely and am hard wired to my modem. It's funny, it appears in some ways that the redirect is gone, and in other, more severe ways, I believe it's still there, or some other virus is. I could not repair windows wireless service, iexplore still does not work, virtually anything associated with Microsoft still isn't working.

Link to post
Share on other sites

You may want to try the following:

Please download and use: Microsoft Fix it Center Online

Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!

It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.
  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report."
  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.

Let me know after you have run all the troubleshooters on your pc if it corrected your problem.

Link to post
Share on other sites

This topic is now closed to further replies.