
Browser Redirections


  • This topic is locked
2 replies to this topic

#1 Rhett Trappman


Posted 24 May 2011 - 08:06 AM

Need help, browser keeps redirecting...

OTL logfile created on: 5/23/2011 3:02:08 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Colby\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.16% Memory free
4.91 Gb Paging File | 3.84 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): c:\pagefile.sys 3055 3055 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 128.79 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: COLBY-PC | User Name: Colby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 14:59:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Colby\Desktop\OTL.exe
PRC - [2011/05/04 13:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/04/29 12:53:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/10 03:53:52 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/07/06 17:36:36 | 000,245,248 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
PRC - [2009/07/06 17:35:48 | 000,131,072 | ---- | M] () -- C:\Program Files\USB Optical Mouse\USB Optical Mouse\Tra.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/16 01:46:08 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
PRC - [2007/05/17 20:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/05/04 18:47:14 | 000,192,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 14:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/20 18:09:16 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/10 20:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 13:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/22 14:46:54 | 000,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2006/11/15 01:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/11/15 00:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 23:33:10 | 000,045,056 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,012,288 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 21:30:16 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 14:59:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Colby\Desktop\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/01/19 03:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/16 01:46:08 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 13:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,151,552 | ---- | M] () [Auto | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 23:33:10 | 000,045,056 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,012,288 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 21:30:16 | 000,118,784 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/24 16:56:16 | 000,009,472 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV - [2008/01/19 02:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/13 15:23:00 | 000,070,528 | ---- | M] (Broadcom Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\BRCMHD32.sys -- (BRCMDECO)
DRV - [2007/06/16 01:04:34 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/16 14:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 04:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 04:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 04:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/14 06:47:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/22 10:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/22 10:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 12:53:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/10 14:22:01 | 000,000,000 | ---D | M]

[2010/02/19 19:52:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colby\AppData\Roaming\Mozilla\Extensions
[2011/05/10 00:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\extensions
[2010/09/01 00:58:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/27 02:17:00 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011/04/27 02:16:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\extensions\engine@conduit.com
[2011/02/21 01:55:56 | 000,002,387 | ---- | M] () -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\searchplugins\askcom.xml
[2011/03/21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Colby\AppData\Roaming\Mozilla\Firefox\Profiles\4h8jwutk.default\searchplugins\conduit.xml
[2011/04/10 14:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/25 02:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/02 22:01:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/01 08:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\COLBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4H8JWUTK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\COLBY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4H8JWUTK.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2011/04/29 12:53:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/18 23:47:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB Optical Mouse] C:\Program Files\USB Optical Mouse\USB Optical Mouse\MouseHid.exe ()
O4 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKU\S-1-5-21-3469944460-3484947872-2405961730-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Colby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Colby\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/20 16:24:24 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 14:59:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Colby\Desktop\OTL.exe
[2011/05/23 01:39:54 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\wolf99
[2011/05/22 01:46:43 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Local\Apple Computer
[2011/05/21 03:08:20 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Local\Adobe
[2011/05/20 17:52:19 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Local\Apple
[2011/05/20 16:24:24 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/05/20 04:39:58 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/20 04:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/20 04:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/20 04:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/20 03:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/05/19 00:02:16 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/05/18 23:47:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/18 23:45:13 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Local\temp
[2011/05/18 23:27:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/18 23:21:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/18 23:21:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/18 23:21:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/18 23:21:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/17 16:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/05/17 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/17 16:05:26 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Colby\Desktop\HJTInstall.exe
[2011/05/17 14:37:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/15 06:12:19 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\DUKE.part3
[2011/05/15 06:05:35 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\DatAss_upd16
[2011/05/15 03:08:55 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\DUKE.part2
[2011/05/14 03:49:55 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\DUKE.part1
[2011/05/07 02:13:17 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\CX3WLSLC1620
[2011/05/05 01:32:12 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\CX3WMI3137
[2011/05/05 01:04:14 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\40-41
[2011/05/03 22:54:31 | 000,000,000 | ---D | C] -- C:\Users\Colby\Desktop\38-39
[2011/04/27 02:17:00 | 000,000,000 | ---D | C] -- C:\Users\Colby\AppData\Local\Conduit
[2011/04/27 02:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Giraffic
[2011/04/27 01:01:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 01:01:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Colby\Downloads\Documents\*.tmp files -> C:\Users\Colby\Downloads\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 14:59:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Colby\Desktop\OTL.exe
[2011/05/23 14:56:20 | 005,582,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/23 14:56:20 | 001,882,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/23 14:49:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:49:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 14:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 03:09:20 | 168,820,736 | ---- | M] () -- C:\Users\Colby\Desktop\the_perfect_match_big(1).mp4
[2011/05/23 01:40:25 | 000,000,016 | ---- | M] () -- C:\Users\Colby\Desktop\the_perfect_match_big.mp4
[2011/05/23 01:37:30 | 248,953,249 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/23 01:34:08 | 030,098,878 | ---- | M] () -- C:\Users\Colby\Desktop\wolf99.rar
[2011/05/22 01:56:30 | 000,145,408 | ---- | M] () -- C:\Users\Colby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 05:06:25 | 371,106,062 | ---- | M] () -- C:\Users\Colby\Desktop\5.caroline.pierce(1).avi
[2011/05/21 02:24:56 | 000,000,016 | ---- | M] () -- C:\Users\Colby\Desktop\5.caroline.pierce.avi
[2011/05/20 04:39:53 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/18 23:47:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/18 23:20:29 | 004,351,251 | ---- | M] () -- C:\Users\Colby\Desktop\ComboFix.exe
[2011/05/17 16:05:44 | 000,001,885 | ---- | M] () -- C:\Users\Colby\Desktop\HijackThis.lnk
[2011/05/17 16:05:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Colby\Desktop\HJTInstall.exe
[2011/05/14 05:49:28 | 729,335,808 | ---- | M] () -- C:\Users\Colby\Desktop\I.Cant.Believe.I.bleeped.A.Zombie.XXX.DVDRip.XviD-Jiggly.CD1.avi
[2011/05/12 22:30:34 | 036,357,088 | ---- | M] () -- C:\Users\Colby\Desktop\wbHickmanPt10411.mp3
[2011/05/08 00:38:32 | 000,428,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/01 17:56:59 | 000,076,560 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\DocumentDownload.pdf
[2011/04/29 13:43:37 | 000,060,362 | ---- | M] () -- C:\Users\Colby\Desktop\DCP_and_Minutemen_Week_of_20_04_11.torrent
[2011/04/26 01:55:50 | 000,012,744 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\Court of the Archon 2000.odt
[2011/04/24 05:03:33 | 748,411,664 | ---- | M] () -- C:\Users\Colby\Desktop\War Iraq.mpg
[2011/04/24 03:04:57 | 000,012,823 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\Kabal of the Bladed Irony 2000.odt
[2011/04/24 02:39:38 | 000,012,407 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\Kabal 2 splinter cannons.odt
[2011/04/23 16:40:21 | 000,471,040 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\NP_Access2010_T1_CP1b_ColbyPryor_2.accdb
[2011/04/23 16:13:51 | 000,344,064 | ---- | M] () -- C:\Users\Colby\Downloads\Documents\Database1.accdb
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Colby\Downloads\Documents\*.tmp files -> C:\Users\Colby\Downloads\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 02:05:48 | 168,820,736 | ---- | C] () -- C:\Users\Colby\Desktop\the_perfect_match_big(1).mp4
[2011/05/23 01:17:02 | 030,098,878 | ---- | C] () -- C:\Users\Colby\Desktop\wolf99.rar
[2011/05/23 00:54:59 | 000,000,016 | ---- | C] () -- C:\Users\Colby\Desktop\the_perfect_match_big.mp4
[2011/05/21 02:39:47 | 371,106,062 | ---- | C] () -- C:\Users\Colby\Desktop\5.caroline.pierce(1).avi
[2011/05/21 01:27:02 | 000,000,016 | ---- | C] () -- C:\Users\Colby\Desktop\5.caroline.pierce.avi
[2011/05/20 04:39:53 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/18 23:21:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/18 23:21:16 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/18 23:21:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/18 23:21:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/18 23:18:13 | 004,351,251 | ---- | C] () -- C:\Users\Colby\Desktop\ComboFix.exe
[2011/05/17 16:05:44 | 000,001,885 | ---- | C] () -- C:\Users\Colby\Desktop\HijackThis.lnk
[2011/05/14 01:57:31 | 729,335,808 | ---- | C] () -- C:\Users\Colby\Desktop\I.Cant.Believe.I.bleeped.A.Zombie.XXX.DVDRip.XviD-Jiggly.CD1.avi
[2011/05/14 00:05:09 | 248,953,249 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/12 22:19:40 | 036,357,088 | ---- | C] () -- C:\Users\Colby\Desktop\wbHickmanPt10411.mp3
[2011/05/01 17:56:59 | 000,076,560 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\DocumentDownload.pdf
[2011/04/29 13:43:35 | 000,060,362 | ---- | C] () -- C:\Users\Colby\Desktop\DCP_and_Minutemen_Week_of_20_04_11.torrent
[2011/04/26 01:55:48 | 000,012,744 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\Court of the Archon 2000.odt
[2011/04/24 04:33:09 | 748,411,664 | ---- | C] () -- C:\Users\Colby\Desktop\War Iraq.mpg
[2011/04/24 02:22:38 | 000,012,823 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\Kabal of the Bladed Irony 2000.odt
[2011/04/24 02:11:27 | 000,012,407 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\Kabal 2 splinter cannons.odt
[2011/04/23 16:40:15 | 000,471,040 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\NP_Access2010_T1_CP1b_ColbyPryor_2.accdb
[2011/04/23 16:13:39 | 000,344,064 | ---- | C] () -- C:\Users\Colby\Downloads\Documents\Database1.accdb
[2010/08/15 05:15:48 | 000,000,680 | ---- | C] () -- C:\Users\Colby\AppData\Local\d3d9caps.dat
[2010/06/14 16:33:25 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
[2010/06/14 16:32:11 | 000,178,404 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010/04/18 23:50:44 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/04/18 23:32:56 | 000,001,069 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010/03/14 06:23:02 | 000,215,012 | ---- | C] () -- C:\Windows\hpoins35.dat
[2010/03/02 18:06:59 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/26 16:51:18 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/02/19 19:55:00 | 000,145,408 | ---- | C] () -- C:\Users\Colby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 19:52:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/19 07:25:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2010/02/19 07:25:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2010/02/19 07:25:56 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2010/02/19 07:25:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2010/02/02 09:09:26 | 135,558,563 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/02/02 09:09:06 | 010,177,536 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010/02/01 19:27:28 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009/06/24 06:01:10 | 000,001,069 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2008/01/08 08:42:32 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
[2007/06/12 14:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/06/12 13:42:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/06/12 13:42:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/06/12 13:42:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/06/12 13:42:19 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/22 16:51:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/05/22 16:26:48 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/22 15:39:00 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/06 20:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,428,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 005,582,812 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 001,882,322 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >


#2 D-FRED-BROWN


Posted 01 June 2011 - 09:53 AM

Hello Rhett Trappman and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download ATF Cleaner
Save it to your Desktop.

Please locate ATF
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
How is the PC running now?


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • DDS logfile
  • Security Check checkup.txt

How is your computer running now?

#3 D-FRED-BROWN

Posted 18 June 2011 - 09:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



