Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect problem


  • This topic is locked This topic is locked
20 replies to this topic

#1 ntswood

ntswood

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 09 June 2010 - 07:15 AM

I am including the text from the attach and DDS files


When I run GMER, I get C:\\Windows\system32\config\system: The system cannot find the file specified.

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/14/2010 7:38:56 AM
System Uptime: 6/8/2010 10:04:04 AM (21 hours ago)

Motherboard: Quanta | | 363F
Processor: AMD Athlon™ II Dual-Core M300 | Socket S1G3 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 219 GiB total, 175.283 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.191 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP119: 5/28/2010 8:56:00 AM - Windows Modules Installer
RP120: 5/28/2010 8:56:37 AM - Windows Modules Installer
RP121: 5/28/2010 10:00:12 AM - Windows Modules Installer
RP122: 5/28/2010 10:00:37 AM - Windows Modules Installer
RP123: 5/28/2010 9:05:41 PM - Windows Update
RP124: 5/29/2010 1:56:19 AM - Windows Update
RP125: 5/29/2010 3:00:12 AM - Windows Update
RP126: 5/29/2010 12:51:01 PM - Windows Update
RP127: 5/29/2010 5:47:17 PM - Windows Update
RP128: 5/30/2010 12:50:13 AM - Windows Update
RP129: 5/30/2010 3:52:47 PM - Windows Update
RP130: 5/30/2010 6:48:06 PM - Windows Modules Installer
RP131: 5/30/2010 6:48:39 PM - Windows Modules Installer
RP132: 5/31/2010 9:41:47 AM - Windows Update
RP133: 6/1/2010 2:34:38 AM - Windows Update
RP134: 6/1/2010 11:31:27 PM - Windows Modules Installer
RP135: 6/1/2010 11:32:05 PM - Windows Modules Installer

==== Installed Programs ======================

Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3 MUI
AMD USB Filter Driver
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Calendar
Atheros Driver Installation Program
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite
EPSON NX400 User's Guide
EPSON Scan
Google Toolbar for Internet Explorer
Google Update Helper
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
LabelPrint
LightScribe System Software
Microsoft Live Search Toolbar
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Norton AntiVirus
OpenOffice.org 3.1
Power2Go
PowerDirector
PowerRecover
QLBCASL
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Slingbox - Watch Your TV Anywhere
SlingPlayer
SmartWebPrinting
Symantec Technical Support Web Controls
Upromise TurboSaver (remove only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================



dds.txt


DDS (Ver_10-03-17.01) - NTFSX64
Run by Sandra at 7:00:14.63 on Wed 06/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1334 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files (x86)\Upromise\UpromiseTray.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEGA.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sandra\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.charter.net/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton antivirus\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files (x86)\upromise\dca-bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files (x86)\upromise\upromisetoolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files (x86)\upromise\upromisetoolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Upromise Update] c:\program files (x86)\upromise\dca-ua.exe
uRun: [Upromise Tray] c:\program files (x86)\upromise\UpromiseTray.exe
uRun: [EPSON Stylus NX400 Series] c:\windows\system32\spool\drivers\x64\3\e_iatiega.exe /fu "c:\windows\temp\E_SA501.tmp" /EF "HKCU"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files (x86)\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QPService] "c:\program files (x86)\hp\quickplay\QPService.exe"
mRun: [ArcSoft Connection Service] c:\program files (x86)\common files\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\users\sandra\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files (x86)\upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun-x64: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRunOnce-x64: [HPHelpUpdater] c:\users\sandra\appdata\local\temp\HPHelpUpdater.exe RUNONCE HPTCE

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\navx64\1107000.00c\symds64.sys [2010-5-21 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\navx64\1107000.00c\symefa64.sys [2010-5-21 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100429.001\BHDrvx64.sys [2010-4-29 678448]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\navx64\1107000.00c\cchpx64.sys [2010-5-21 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100604.004\IDSviA64.sys [2010-6-8 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\navx64\1107000.00c\ironx64.sys [2010-5-21 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\navx64\1107000.00c\symtdiv.sys [2010-5-21 451120]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-20 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-2 203264]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-1-19 16368]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 77216]
R2 NAV;Norton AntiVirus;c:\program files (x86)\norton antivirus\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-5-21 126392]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-21 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 132656]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-5-15 88944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-10-20 215040]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-10-20 36408]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-06-09 01:30:30 0 ----a-w- c:\users\sandra\defogger_reenable
2010-06-09 00:53:37 0 d-----w- c:\program files (x86)\Coupons
2010-06-01 07:28:13 0 d-----w- c:\program files\Registry Easy
2010-05-29 02:09:01 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-29 02:09:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-28 15:02:15 0 d-----w- c:\programdata\Google
2010-05-28 13:55:09 65536 --sha-w- c:\users\sandra\ntuser.dat{a3305b7e-69fa-11df-b62e-00269eb0588f}.TM.blf
2010-05-28 13:55:09 524288 --sha-w- c:\users\sandra\ntuser.dat{a3305b7e-69fa-11df-b62e-00269eb0588f}.TMContainer00000000000000000002.regtrans-ms
2010-05-28 13:55:09 524288 --sha-w- c:\users\sandra\ntuser.dat{a3305b7e-69fa-11df-b62e-00269eb0588f}.TMContainer00000000000000000001.regtrans-ms
2010-05-25 20:10:58 0 d-----w- c:\windows\pss
2010-05-25 19:56:25 0 d-----w- c:\windows\LMI42D8.tmp
2010-05-25 19:52:54 0 d-----w- c:\windows\LMI710.tmp
2010-05-25 19:34:52 0 d-----w- c:\users\sandra\appdata\roaming\GetRightToGo
2010-05-24 22:58:51 0 d-----w- c:\users\sandra\appdata\roaming\Tific
2010-05-17 02:16:16 0 d-----w- C:\EPSONREG
2010-05-17 02:14:34 0 d-----w- c:\programdata\ArcSoft
2010-05-17 02:10:47 108032 ----a-w- c:\windows\system32\E_ILMEGA.DLL
2010-05-17 02:10:42 81408 ----a-w- c:\windows\system32\E_IBCBEGA.DLL
2010-05-17 02:10:21 0 d-----w- c:\programdata\EPSON
2010-05-17 02:09:51 83968 ----a-w- c:\windows\system32\esxcwiad.dll
2010-05-17 02:09:48 0 d-----w- c:\program files (x86)\epson
2010-05-17 02:09:08 44 ----a-w- c:\windows\EPSNX400.ini
2010-05-15 18:46:10 0 d-----w- c:\programdata\Sun
2010-05-15 03:29:03 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-15 03:29:03 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-15 03:29:03 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-15 03:29:03 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-13 02:32:40 0 d-----w- c:\users\sandra\appdata\roaming\WildTangentv1001
2010-05-12 22:56:39 0 d-----w- c:\programdata\Sony Online Entertainment
2010-05-11 23:08:54 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 23:08:53 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-10 21:21:37 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 21:21:37 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-05-10 14:38:15 0 d-----w- c:\windows\syswow64\Wat
2010-05-10 14:38:15 0 d-----w- c:\windows\system32\Wat
2010-05-10 14:16:02 0 d-----w- c:\program files (x86)\Microsoft Forefront

==================== Find3M ====================

2010-05-21 19:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 23:45:50 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-05-08 23:45:50 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-05-08 23:45:50 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-27 01:39:31 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-01 23:25:46 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 7:00:41.36 ===============


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 13 June 2010 - 03:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  1. Do not run any other tool untill instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Gmer is the best but can be hard to get a log lets try this and see what we get.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 13 June 2010 - 07:56 PM

I dowlaoaded Rootkit Unhooker. I doulble clicked on the RKUnhookerLE.exe. I get a error box that says Error loading driver, NTSTATUS code:0xC000036B

So stuck again.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 13 June 2010 - 10:09 PM

Hello

that is ok it is a 64bit system
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 14 June 2010 - 07:02 PM

When I try to go to the Malwarebytes by clicking the link, I went to google a couple of time, the I went to
http://www.malwarebytes.org/mbam-download.php and got IE cannot display the webpage.

I can't get there.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 14 June 2010 - 09:03 PM

complete the OTL log

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 16 June 2010 - 06:55 AM

I have attached the two logs

Attached Files



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 16 June 2010 - 07:34 PM

Hello ntswood

you sent me the extras log from OTL twice please send me the main log


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 16 June 2010 - 09:58 PM

The attach filex?

Attached Files



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 16 June 2010 - 10:24 PM

OTListIt.txt <-- Will be opened this is the one I am looking for

Extra.txt <-- Will be minimized you sent this one twice


Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 17 June 2010 - 06:50 AM

Mybe this one?

Attached Files

  • Attached File  OTL.Txt   82.2KB   3 downloads


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 17 June 2010 - 09:57 PM

Greetings

Sorry for the slow reply but that is a big log to go thru

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.108 85.255.112.117 1.2.3.4
    O33 - MountPoints2\{9b5e462b-0619-11df-a2ae-00269eb0588f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9b5e462b-0619-11df-a2ae-00269eb0588f}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{f26f28d4-bd53-11de-a899-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{f26f28d4-bd53-11de-a899-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Epsetup.exe -- [2007/03/06 12:38:26 | 000,107,576 | R--- | M] (EPSON America Inc.)
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


also please let me know if things clear up

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 18 June 2010 - 07:54 AM

I cannot get to the widows update site. I can get to malawarebytes which I couldn't before. I was always redirect.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b5e462b-0619-11df-a2ae-00269eb0588f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b5e462b-0619-11df-a2ae-00269eb0588f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b5e462b-0619-11df-a2ae-00269eb0588f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b5e462b-0619-11df-a2ae-00269eb0588f}\ not found.
File F:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f26f28d4-bd53-11de-a899-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26f28d4-bd53-11de-a899-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f26f28d4-bd53-11de-a899-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f26f28d4-bd53-11de-a899-806e6f6e6963}\ not found.
File move failed. E:\Epsetup.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jimmy
->Temp folder emptied: 377975 bytes
->Temporary Internet Files folder emptied: 32359599 bytes
->Java cache emptied: 10767033 bytes
->Flash cache emptied: 1061 bytes

User: Johnny
->Temp folder emptied: 19247602 bytes
->Temporary Internet Files folder emptied: 48887385 bytes
->Java cache emptied: 29170147 bytes
->Flash cache emptied: 2278 bytes

User: Public

User: Sandra
->Temp folder emptied: 2004 bytes
->Temporary Internet Files folder emptied: 104817370 bytes
->Java cache emptied: 48178318 bytes
->Flash cache emptied: 35197 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5799889 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12240692 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 21563922 bytes

Total Files Cleaned = 318.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jimmy
->Flash cache emptied: 0 bytes

User: Johnny
->Flash cache emptied: 0 bytes

User: Public

User: Sandra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.6.0 log created on 06182010_073645

Files\Folders moved on Reboot...
File move failed. E:\Epsetup.exe scheduled to be moved on reboot.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRY048I6\10[1].txt moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRY048I6\beverly[1].southern1 moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRY048I6\facebook_com[1].txt moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRY048I6\redirectiframe[1].html moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMRSS21L\iframe[1].htm moved successfully.
C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XRNNNZL\topic323053[1].htm moved successfully.
File\Folder C:\Windows\temp\MpCmdRun-B7-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock not found!
C:\Windows\temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 AM

Posted 18 June 2010 - 03:37 PM

Greetings

here is what I would like you to do next

Resetting Router

Letís try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you donít know the router's default password, you can look it up. HERE
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.


let me know if this fixed the problem

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ntswood

ntswood
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 19 June 2010 - 04:23 PM

I did a reset on the Linksys wireless router. I didn't see a screen. It came back up and everything is good. Thanks for your help. I'm going to have to work on my son's laptop next, so I'll probably getting back on the forum. Again. Thanks so much.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users