I think I have the Google redirect virus. What do I do?

OTL logfile created on: 12/7/2010 5:20:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 204.17 Gb Free Space | 88.86% Space Free | Partition Type: NTFS

Computer Name: JAKUBEK | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/01 12:19:57 | 000,575,488 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/30 17:00:14 | 000,910,296 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/12/01 12:19:57 | 000,575,488 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] – C:\WINDOWS\System32\drivers\KodakCCS.exe – (KodakCCS)
SRV - File not found [On_Demand | Stopped] – C:\WINDOWS\System32\appmgmts.dll – (AppMgmt)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV - [2009/04/12 14:37:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] – C:\Program Files\DellSupport\brkrsvc.exe – (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – C:\WINDOWS\System32\DRIVERS\wanatw4.sys – (wanatw) WAN Miniport (ATW)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS – (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\sasdifsv.sys – (SASDIFSV)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\amdagp.sys – (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sisagp.sys – (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)
DRV - [2007/11/13 21:32:26 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] – C:\WINDOWS\System32\drivers\asctrm.sys – (ASCTRM)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\e1e5132.sys – (e1express) Intel(R)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/16 19:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)
DRV - [2007/07/12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\iaStor.sys – (iaStor)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\dsunidrv.sys – (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] – C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys – (DSproct)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLADResM.SYS – (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLABMFSM.SYS – (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLAUDF_M.SYS – (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLAUDFAM.SYS – (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLAOPIOM.SYS – (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLABOIOM.SYS – (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLAIFS_M.SYS – (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\DLA\DLAPoolM.SYS – (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\DRVNDDM.SYS – (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] – C:\WINDOWS\system32\drivers\DLACDBHM.SYS – (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] – C:\WINDOWS\system32\drivers\DLARTL_M.SYS – (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\DRVMCDB.SYS – (DRVMCDB)
DRV - [2006/07/07 13:23:30 | 000,408,064 | ---- | M] (Ativa Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ODWGU.sys – (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2004/08/04 04:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\dac2w2k.sys – (dac2w2k)
DRV - [2004/08/04 04:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\ql1280.sys – (ql1280)
DRV - [2004/08/04 04:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\ql12160.sys – (ql12160)
DRV - [2004/08/04 04:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\ql1080.sys – (ql1080)
DRV - [2004/08/04 04:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\ultra.sys – (ultra)
DRV - [2004/08/04 04:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc8xx.sys – (symc8xx)
DRV - [2004/08/04 04:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_u3.sys – (sym_u3)
DRV - [2004/08/04 04:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sym_hi.sys – (sym_hi)
DRV - [2004/08/04 04:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\asc.sys – (asc)
DRV - [2004/08/04 04:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\sparrow.sys – (Sparrow)
DRV - [2004/08/04 04:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\mraid35x.sys – (mraid35x)
DRV - [2004/08/04 04:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\symc810.sys – (symc810)
DRV - [2004/08/04 04:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\asc3550.sys – (asc3550)
DRV - [2004/08/04 04:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\cmdide.sys – (CmdIde)
DRV - [2004/08/04 04:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\DRIVERS\aliide.sys – (AliIde)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSFHWBS2.sys – (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_CNXT.sys – (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\HSF_DP.sys – (HSF_DP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071114
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071114
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: “http://www.catholicexchange.com/”
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: “*.local”

FF - HKLM\software\mozilla\Firefox\extensions\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/12 04:48:44 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 14:43:00 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/30 17:00:18 | 000,000,000 | —D | M]

[2010/02/12 18:10:58 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/02/12 18:10:58 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\qni8gogc.default\extensions
[2010/02/12 18:10:44 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell - “” = AutoRun
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\{24e3171e-d42e-11dc-b5e9-9b339258de36}\Shell\AutoRun\command - “” = E:\LaunchU3.exe – File not found
O33 - MountPoints2\E\Shell - “” = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - “” = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - “” = E:\LaunchU3.exe – File not found
O35 - HKLM\..comfile [open] – “%1” %*
O35 - HKLM\..exefile [open] – “%1” %*
O37 - HKLM\...com [@ = ComFile] – “%1” %*
O37 - HKLM\...exe [@ = exefile] – “%1” %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 22:50:13 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Application Data\SUPERAntiSpyware.com
[2010/12/06 22:08:53 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Desktop
[2010/12/02 13:59:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Application Data\GlarySoft
[2010/12/02 13:16:00 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/02 13:15:07 | 000,000,000 | —D | C] – C:\Program Files\SUPERAntiSpyware
[2010/12/02 12:57:20 | 000,000,000 | —D | C] – C:\Program Files\Glary Utilities
[2010/11/29 22:47:24 | 000,000,000 | —D | C] – C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/29 22:47:24 | 000,000,000 | —D | C] – C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/27 16:59:01 | 000,000,000 | —D | C] – C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/11/27 04:07:05 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Application Data\Ulhi
[2010/11/27 04:07:05 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Application Data\Adok
[2010/11/27 04:04:37 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/22 08:21:46 | 000,165,584 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/22 08:21:46 | 000,017,744 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/22 08:21:45 | 000,046,672 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/22 08:21:45 | 000,023,376 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/22 08:21:44 | 000,100,176 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/22 08:21:44 | 000,094,544 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/22 08:21:43 | 000,028,880 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/22 08:21:35 | 000,167,592 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\aswBoot.exe
[2010/11/22 08:21:35 | 000,038,848 | ---- | C] (AVAST Software) – C:\WINDOWS\avastSS.scr
[2010/11/22 08:21:31 | 000,000,000 | —D | C] – C:\Program Files\Alwil Software
[2010/11/22 08:21:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/19 16:43:01 | 000,000,000 | —D | C] – C:\WINDOWS\Prefetch
[2010/11/19 16:28:47 | 000,000,000 | -H-D | C] – C:\WINDOWS\$NtServicePackUninstall$
[2010/11/18 15:55:01 | 000,000,000 | —D | C] – C:\Documents and Settings\Home\Application Data\Malwarebytes
[2010/11/18 15:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/18 15:54:52 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/18 15:54:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/18 15:54:51 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2010/11/18 13:20:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) – C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/18 13:20:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) – C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/18 13:19:14 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) – C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/18 05:05:20 | 000,000,000 | —D | C] – C:\Kaspersky Rescue Disk 10.0
[2010/11/15 23:08:02 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/15 23:05:29 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Adobe
[13 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]
[1 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 05:11:50 | 000,000,312 | ---- | M] () – C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/07 05:09:56 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At9.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At5.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At3.job
[2010/12/07 01:53:55 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At4.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At22.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At18.job
[2010/12/07 01:40:16 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At12.job
[2010/12/07 00:35:31 | 000,000,664 | ---- | M] () – C:\WINDOWS\System32\d3d9caps.dat
[2010/12/06 22:07:49 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2010/12/02 15:13:20 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At11.job
[2010/12/02 14:24:05 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At16.job
[2010/12/02 13:15:09 | 000,001,678 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 13:06:14 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At10.job
[2010/12/02 10:52:56 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At21.job
[2010/12/02 10:06:21 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At7.job
[2010/12/02 08:54:09 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At1.job
[2010/12/02 08:05:13 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At17.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At24.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At23.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At20.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At19.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At15.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At14.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At13.job
[2010/11/30 12:55:57 | 000,001,100 | ---- | M] () – C:\WINDOWS\System32\d3d8caps.dat
[2010/11/30 12:09:27 | 000,002,626 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2010/11/27 16:59:01 | 000,000,284 | ---- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/24 23:52:35 | 000,007,500 | ---- | M] () – C:\WINDOWS\System32\123.js
[2010/11/22 08:34:45 | 000,386,360 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2010/11/22 08:34:45 | 000,055,324 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2010/11/22 08:31:53 | 000,611,672 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 08:30:41 | 000,001,393 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2010/11/22 08:21:46 | 000,001,700 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/19 16:44:02 | 000,316,640 | ---- | M] () – C:\WINDOWS\WMSysPr9.prx
[2010/11/19 14:11:17 | 000,000,815 | ---- | M] () – C:\Documents and Settings\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 15:54:55 | 000,000,696 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk
[2010/11/18 15:51:54 | 000,000,006 | ---- | M] () – C:\Documents and Settings\Home\Application Data\completescan
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At8.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At6.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\tasks\At2.job
[2010/11/18 13:23:35 | 000,000,288 | ---- | M] () – C:\WINDOWS\System32\$winnt$.inf
[2010/11/18 13:17:31 | 000,023,392 | ---- | M] () – C:\WINDOWS\System32\nscompat.tlb
[2010/11/18 13:17:31 | 000,016,832 | ---- | M] () – C:\WINDOWS\System32\amcompat.tlb
[2010/11/18 13:17:19 | 000,004,161 | ---- | M] () – C:\WINDOWS\ODBCINST.INI
[2010/11/18 13:15:05 | 000,023,428 | ---- | M] () – C:\WINDOWS\System32\emptyregdb.dat
[2010/11/18 13:14:17 | 000,000,535 | ---- | M] () – C:\WINDOWS\System32\mapisvc.inf
[2010/11/18 13:09:08 | 000,004,128 | ---- | M] () – C:\INFCACHE.1
[2010/11/18 10:49:36 | 000,000,201 | RHS- | M] () – C:\boot.ini
[2010/11/16 06:07:23 | 000,695,296 | R— | M] () – C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/16 06:07:23 | 000,488,448 | R— | M] () – C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/11/16 05:48:51 | 000,787,958 | ---- | M] () – C:\WINDOWS\setupapi.old
[2010/11/12 03:10:08 | 000,000,006 | ---- | M] () – C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:00:23 | 000,000,010 | ---- | M] () – C:\Documents and Settings\Home\Application Data\install
[13 C:\WINDOWS\*.tmp files → C:\WINDOWS\*.tmp → ]
[1 C:\WINDOWS\System32\*.tmp files → C:\WINDOWS\System32\*.tmp → ]

========== Files Created - No Company Name ==========

[2010/12/02 13:15:09 | 000,001,678 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/02 12:57:25 | 000,000,312 | ---- | C] () – C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/23 23:52:08 | 000,007,500 | ---- | C] () – C:\WINDOWS\System32\123.js
[2010/11/22 08:21:46 | 000,001,700 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/18 15:54:55 | 000,000,696 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk
[2010/11/18 13:20:24 | 000,175,104 | ---- | C] () – C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/18 13:19:58 | 001,158,818 | ---- | C] () – C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/18 13:19:50 | 000,059,392 | ---- | C] () – C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/18 13:19:49 | 000,196,665 | ---- | C] () – C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/18 13:19:48 | 000,134,339 | ---- | C] () – C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/18 13:19:41 | 013,463,552 | ---- | C] () – C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/18 13:19:35 | 000,108,827 | ---- | C] () – C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/18 13:19:18 | 000,173,568 | ---- | C] () – C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/18 13:06:40 | 001,042,903 | ---- | C] () – C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/18 13:06:40 | 000,797,189 | ---- | C] () – C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/18 13:06:40 | 000,399,645 | ---- | C] () – C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/18 13:06:40 | 000,037,484 | ---- | C] () – C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/18 13:06:40 | 000,013,472 | ---- | C] () – C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/18 13:06:40 | 000,008,574 | ---- | C] () – C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/18 13:06:40 | 000,007,710 | ---- | C] () – C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/18 10:49:36 | 000,000,201 | RHS- | C] () – C:\boot.ini
[2010/11/12 05:20:53 | 000,001,599 | ---- | C] () – C:\Remote Assistance.lnk
[2010/11/12 03:10:08 | 000,000,006 | ---- | C] () – C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:05:49 | 000,000,006 | ---- | C] () – C:\Documents and Settings\Home\Application Data\completescan
[2010/11/12 03:00:23 | 000,000,010 | ---- | C] () – C:\Documents and Settings\Home\Application Data\install
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At24.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At23.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At22.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At21.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At20.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At19.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At18.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At17.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At16.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At15.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At14.job
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At13.job
[2010/11/12 02:52:28 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At12.job
[2010/11/12 02:52:28 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At11.job
[2010/11/12 02:52:27 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At10.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At9.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At8.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At7.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At6.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At5.job
[2010/11/12 02:52:25 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At4.job
[2010/11/12 02:52:21 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At3.job
[2010/11/12 02:52:19 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At2.job
[2010/11/12 02:52:16 | 000,000,422 | ---- | C] () – C:\WINDOWS\tasks\At1.job
[2010/01/25 15:18:00 | 000,000,036 | ---- | C] () – C:\Documents and Settings\Home\Local Settings\Application Data\housecall.guid.cache
[2009/01/27 19:43:50 | 000,001,433 | ---- | C] () – C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/24 14:05:20 | 000,000,268 | RH-- | C] () – C:\Documents and Settings\All Users\Application Data\Keychains
[2009/01/24 14:05:20 | 000,000,268 | RH-- | C] () – C:\Documents and Settings\Home\Application Data\Jazz Kit
[2009/01/24 14:05:20 | 000,000,020 | -H-- | C] () – C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/08/11 15:44:07 | 000,000,012 | ---- | C] () – C:\WINDOWS\dirsaver.ini
[2008/02/09 03:18:12 | 000,021,504 | ---- | C] () – C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/02 15:19:58 | 000,000,002 | ---- | C] () – C:\WINDOWS\msoffice.ini
[2007/11/24 22:18:53 | 000,000,315 | ---- | C] () – C:\WINDOWS\SIERRA.INI
[2007/11/15 19:55:45 | 000,016,022 | ---- | C] () – C:\Documents and Settings\Home\Application Data\wklnhst.dat
[2007/11/13 21:36:17 | 000,000,061 | ---- | C] () – C:\WINDOWS\smscfg.ini
[2007/11/13 21:24:35 | 000,056,056 | ---- | C] () – C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/13 21:24:35 | 000,000,120 | ---- | C] () – C:\WINDOWS\wininit.ini
[2007/11/13 20:57:13 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/11/13 20:55:37 | 000,001,120 | ---- | C] () – C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () – C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () – C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () – C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () – C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () – C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/11/22 08:21:31 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/24 14:05:20 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/01/24 14:05:46 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Nikon
[2007/11/13 21:27:54 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/24 14:05:20 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\SystemConfiguration
[2009/01/24 14:05:20 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/11/13 21:32:40 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/13 21:28:49 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/02/12 04:43:48 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/11 10:56:34 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\aAvgApi
[2010/11/28 00:34:37 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Adok
[2009/12/11 01:07:14 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Amazon
[2010/12/02 13:59:18 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\GlarySoft
[2009/01/24 14:08:52 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Nikon
[2008/01/05 15:24:58 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Printer Info Cache
[2009/11/02 23:59:11 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Stellarium
[2007/11/15 19:55:46 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Template
[2010/11/28 00:34:37 | 000,000,000 | —D | M] – C:\Documents and Settings\Home\Application Data\Ulhi
[2010/12/02 13:01:57 | 000,000,000 | —D | M] – C:\Documents and Settings\Julie\Application Data\GlarySoft
[2009/02/16 19:45:56 | 000,000,000 | —D | M] – C:\Documents and Settings\Julie\Application Data\Nikon
[2008/01/08 02:05:24 | 000,000,000 | —D | M] – C:\Documents and Settings\Julie\Application Data\Template
[2010/11/30 03:17:01 | 000,000,000 | —D | M] – C:\Documents and Settings\Julie\Application Data\Uwuvz
[2010/11/27 13:38:09 | 000,000,000 | —D | M] – C:\Documents and Settings\Julie\Application Data\Ykol
[2008/01/30 20:36:16 | 000,000,000 | —D | M] – C:\Documents and Settings\Susie Q\Application Data\Template
[2010/12/02 08:54:09 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At1.job
[2010/12/02 13:06:14 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At10.job
[2010/12/02 15:13:20 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At11.job
[2010/12/07 01:40:16 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At12.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At13.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At14.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At15.job
[2010/12/02 14:24:05 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At16.job
[2010/12/02 08:05:13 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At17.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At18.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At19.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At2.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At20.job
[2010/12/02 10:52:56 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At21.job
[2010/12/07 01:40:17 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At22.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At23.job
[2010/12/01 11:37:51 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At24.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At3.job
[2010/12/07 01:53:55 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At4.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At5.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At6.job
[2010/12/02 10:06:21 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At7.job
[2010/11/18 13:25:35 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At8.job
[2010/12/07 05:08:48 | 000,000,422 | ---- | M] () – C:\WINDOWS\Tasks\At9.job
[2010/12/07 05:11:50 | 000,000,312 | ---- | M] () – C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >
[2009/11/02 23:03:39 | 042,911,720 | ---- | M] ( ) – C:\stellarium-0.10.2.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 – C:\WINDOWS$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 – C:\i386\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 – C:\WINDOWS$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE – C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE – C:\WINDOWS$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\winlogon.exe

< %systemroot%*. /mp /s >

< End of report >

OH! OH OH! I thought he meant to post it. Is there any way I can delete all that junk and add it as an attachment like I’m supposed to? Such an idiot. SORRY! :-[

You are not an idiot, you are just inexperienced and it takes time to get experience. You need to download a program that cleans that for you. Ashampoo, ccleaner, CSC (comodo system cleaner, which is stable), and many more… there are many.

Regards,
Tenko

My mother insisted on taking the computer back to the Dr. but they returned it without fixing the problem.
Did they charge you for missing all this ?
2010/12/07 05:07:14.0676 Detected object count: 1
2010/12/07 05:07:25.0207 \HardDisk0 - will be cured after reboot
2010/12/07 05:07:25.0207 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/07 05:07:47.0144 Deinitialize success

And this ?

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2704480170-2336948257-3775622099-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Ulhi
[2010/11/27 04:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\Application Data\Adok
[2010/11/24 23:52:35 | 000,007,500 | ---- | M] () -- C:\WINDOWS\System32\123.js
[2010/11/12 05:20:53 | 000,001,599 | ---- | C] () -- C:\Remote Assistance.lnk
[2010/11/12 03:10:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\start
[2010/11/12 03:05:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\completescan
[2010/11/12 03:00:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\install
[2010/11/30 03:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Uwuvz
[2010/11/27 13:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Ykol

:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edit : slow forum and posted the wrong second step - now fixed
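
The fix above deletes C:\WINDOWS\tasks\At*.job, which the posted log lists as 24 identical 422-byte files created within seconds of each other on 2010/11/12. As an added example (not part of the original posts and not OTL's own code), this Python script parses OTL file-scan lines and flags such creation bursts; the same-folder/same-size grouping, the thresholds and all function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename, dirname  # Windows path rules on any OS

# OTL file-scan line: [date time | size | attributes | C/M] (company) -- path
# The separator is "--" in OTL output; forum formatting may turn it into an en dash.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?\s*"
    r"(?:--|\u2013)\s*(?P<path>.+)$"
)

def parse_line(line):
    """Return one parsed entry, or None for headers and unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attr": m["attr"],
        "kind": m["kind"],          # C = created, M = modified
        "company": m["company"],    # None for directory lines
        "path": m["path"].strip(),
    }

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def find_bursts(entries, max_gap_s=10, min_count=5):
    """Flag runs of same-size files created in one folder within seconds.

    Heuristic (assumption): an installer unpacking files also creates many
    files at once, but their sizes differ; identical sizes in a tight run
    suggest one template written repeatedly.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] == "C":
            groups[(dirname(e["path"]).lower(), e["size"])].append(e)
    gap = timedelta(seconds=max_gap_s)
    bursts = []
    for (folder, size), items in groups.items():
        items.sort(key=lambda e: e["ts"])
        runs = [[items[0]]]
        for e in items[1:]:
            if e["ts"] - runs[-1][-1]["ts"] <= gap:
                runs[-1].append(e)
            else:
                runs.append([e])
        for run in runs:
            if len(run) >= min_count:
                bursts.append({"folder": folder, "size": size, "count": len(run),
                               "first": run[0]["ts"], "last": run[-1]["ts"],
                               "names": [basename(e["path"]) for e in run]})
    return bursts

# Sample input: a subset of lines from the log posted in this thread.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2010/12/02 12:57:25 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/11/23 23:52:08 | 000,007,500 | ---- | C] () -- C:\WINDOWS\System32\123.js
[2010/11/18 13:06:40 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/18 13:06:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/12 02:52:29 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/12 02:52:28 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/12 02:52:26 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/12 02:52:25 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/12 02:52:21 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/12 02:52:19 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 02:52:16 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
"""

if __name__ == "__main__":
    for b in find_bursts(parse_log(SAMPLE)):
        print(f'{b["count"]} x {b["size"]} bytes in {b["folder"]} '
              f'from {b["first"]} to {b["last"]}: {", ".join(b["names"])}')
```

A flagged burst is only a lead for a human reviewer; the GlaryInitialize.job entry in the same folder and the two dllcache files created in the same second are not reported because their sizes differ.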

K here is the report from the scan

Here is the file from combo fix.

Looks good - any remaining problems ?

It finally works! And it didn’t cost an arm and leg!!! Thank you SO much!!! And thank you for being so patient with me. I can’t thank you enough, you’ve been more helpful than any of these local computer experts!

With much gratitude,
Susie

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:

[*]Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 23.
[*]Click the “Download” button to the right.
[*]Select your Platform and check the box that says: “I agree to the Java SE Runtime Environment 6 License Agreement.”.
[*]Click on Continue.
[*]Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager…
[*]Close any programs you may have running - especially your web browser.
[*]Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the Remove or Change/Remove button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u23-windows-i586-p.exe and select “Run as an Administrator.”)

SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

@ Shayleigh,

We usually recommend that you keep your machine running for a good 24 – 48 hours after malware removal to make sure everything is working properly and give it a good test drive. After this period, please report back in this thread to let us know how things are going (good or bad).

In the meantime, here are a few suggestions in addition to the ones given to you by Essexboy to keep you and your machine safer in the future:

  1. Keep your definitions up to date for both Avast and MBAM.
  2. Keep all your shields on with Avast.
  3. Update MBAM prior to scanning, then do Quick scans.
  4. Keep your MS Updates current.
  5. Add things to your browsers for safer browsing. See my Signature as an example.
  6. Use common sense when browsing and do not go to risky sites.
  7. When downloading software, read what you are clicking and do not download adware toolbars which are commonly opted in; look before you click or do a Custom install to avoid putting unwanted toolbars on your machine that lead to spyware tracking or adware.
  8. Check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time. This site gives you the vendor’s direct download link making it easy to upgrade your software. Many of us here scan our machines weekly.

Please post back and let us know how your machine is doing. Thank you.

What exactly do you mean add things? Like download? We have MBAM. Do we need them all? CAN we have them all?

–Susie

SafeSurf means security related Add-ons for Firefox like e.g. NoScript.
asyn

Exactly. If you look at my Signature and other Evangelists’ Signatures, you will see that they have add-ons in their browsers to help protect them. I use Firefox (FF) so the add-ons are for FF. Others use IE, and there are add-ons for IE although IE also has some internal protective features.

Please let me know if you have any questions and I’d be happy to help you. Thank you.

Okay so how do I know which add ons to add? Is there some web site with recommended programs? Thank you.