TechSpot

[Solved] Google redirect and new IE windows opening

Discussion in 'Virus and Malware Removal' started by Mister Ed, Feb 23, 2011.

Thread Status:
Not open for further replies.
  1. Mister Ed Newcomer, in training

    And here is the ESET Log file (wow, I think):

    C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP709\A0094410.exe Win32/SpeedUpMyPC application
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225114.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225119.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225120.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225121.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225122.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225123.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225149.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225152.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225153.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225154.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225155.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225156.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225157.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225158.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225213.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225214.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225215.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225216.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225217.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225300.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155603.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155607.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155608.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155609.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155610.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155611.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155626.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155633.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155634.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155635.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155638.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155639.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155640.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155834.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155843.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155853.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155902.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155904.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155907.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155908.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155909.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155910.backup Win32/Qhost trojan
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155911.backup Win32/Qhost trojan
  2. Broni Malware Annihilator

    Not really a big deal there...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\system32\drivers\etc\hosts.*.backup
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ====================================================================

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  3. Mister Ed Newcomer, in training

    OTL
    ====================
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225114.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225119.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225120.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225121.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225122.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225123.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225149.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225152.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225153.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225154.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225155.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225156.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225157.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225158.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225213.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225214.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225215.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225216.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225217.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20040224-225300.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155603.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155607.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155608.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155609.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155610.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155611.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155626.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155633.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155634.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155635.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155638.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155639.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155640.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155834.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155843.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155853.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155902.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155904.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155907.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155908.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155909.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155910.backup moved successfully.
    C:\WINDOWS\system32\drivers\etc\hosts.20110206-155911.backup moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ed Schaar
    ->Temp folder emptied: 8237558 bytes
    ->Temporary Internet Files folder emptied: 12416016 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1011 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 20.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ed Schaar
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.21.0 log created on 02252011_180205

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\OMW0VP5W\allworldsite_com[1].htm moved successfully.
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\OMW0VP5W\showbanner[1].htm moved successfully.
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\OMW0VP5W\topic161631-2[1].html moved successfully.
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\AYEXVW2P\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\AYEXVW2P\searchTrack[1].htm moved successfully.

    Registry entries deleted on Reboot...
  4. Mister Ed Newcomer, in training

    Well ... after updating Acrobat and rebooting, I was redirected to a different page when I clicked to come back here. :(

    I'm guessing you want me to hold off on doing the system restore?? Let me know.
  5. Broni Malware Annihilator

    Which browser is affected?

    Let's try to reset your router....

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
  6. Mister Ed Newcomer, in training

    Just got back,
    Browser is: IE 8.0
    Will do the router now.

    Reset router as described ... still redirecting and new windows popping up.
  7. Mister Ed Newcomer, in training

    Broni -
    I think you hit the proverbial 'nail on the head' with the router! After doing the router reset and that not working ... I undid the incoming LAN cable from the router and put it directly into the computer (bypassed the router). I surfed around for 5-10 min and no pop-ups ... no redirects.

    Now, I know one of the rules is about doing things on your own ... but I figured flipping the cables wouldn't be a big deal to try (especially following your thoughts on the router being the issue). It's the only thing I have tried without following your explicit instructions ... I promise. :blush:

    So, if the issue is in the router (it is disconnected now) where do I go from here? I'm guessing for the computer to pick up from your earlier post where I left off (by the Mr. Clean pic)?

    And then what about the router?

    Standing by ... not doing anything else until I hear from you ... I promise!!
  8. Broni Malware Annihilator

    You did just fine.

    Try to reset router one more time.
    Remember, unplugging it won't do.
    You must use "Reset" pinhole and make sure you hold it long enough, so all lights go off then on.
    If you do it correctly, that should solve the issue.
  9. Mister Ed Newcomer, in training

    I tried resetting again, twice, and get the redirect (with router connected).

    I am resetting correctly ... it is one of the only processes that you have written about ... that I actually knew what I was doing, LOL. Push and hold the recessed button, the green light goes off, comes back on blinking (orange I think) and then to green when ready.
  10. Broni Malware Annihilator

    Do you have another browser to see, if redirection is present there too?

    Reconnect router and...

    1. Go Start>Run ("Start search" in Vista and Win 7), type in:
    cmd
    Click OK (hold CTRL and SHIFT keys and press Enter in Vista and Win 7).

    2. At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    3. Copy and paste what you see in Notepad into a Reply here.
  11. Mister Ed Newcomer, in training

    Nope ... only IE on the computers.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : ed-nxaibjwwpxn5
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Belkin

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
    Physical Address. . . . . . . . . : 00-07-E9-51-93-55
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.2.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    Lease Obtained. . . . . . . . . . : Friday, February 25, 2011 11:30:48 PM
    Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM
  12. Mister Ed Newcomer, in training

    Wait a minute!!

    Does this look right?? Copied from my http://router/ page
    DNS Address 213.109.67.25

    One web site I checked shows it originating in the Russian Federation.
    --------------------------------
    Also found ..... Secondary DNS Address > 213.109.76.134. Also from the Russian Federation.

    I'm thinking something's rotten in Russia!!!
  13. Broni Malware Annihilator

    Yes, this is definitely a hijacker.

    Where did you find that IP? I don't see it in your "ipconfig" log.

    Normally, resetting a router gets rid of it.

    If you see the above in your network settings, get rid of it.
  14. Mister Ed Newcomer, in training

    This is a copy of my http://router page. The first DNS shows on that page, when it did not show on that report I ran for you ... I kinda went hmmm ... and looked it up (I almost sound like I know what I'm talking about ... but not!).
    +++++++++++++++++++++++++++++++++++
    You will need to log in before you can change any settings.


    Language
    Current Language English
    Available Languages
    Time February 26, 2011 9:30:44 AM

    Version Info
    Hardware F7D3302 v1
    Firmware 1.00.23 (Aug 30 2010)
    Boot Loader 0.08e
    Serial No. 121015G3101791

    Internet Settings
    WAN MAC Address 00:07:e9:51:93:55
    Connection Type Dynamic
    WAN IP 10.100.2.83
    Subnet Mask 255.255.0.0
    Default Gateway 10.100.0.1
    DNS Address 213.109.67.25
    LAN Settings
    LAN/WLAN MAC 94:44:52:61:18:DD
    IP Address 192.168.2.1
    Subnet Mask 255.255.255.0
    DHCP Server Enabled (0 LAN, 2 WLAN Clients)

    Features
    Firewall Settings Enabled
    SSID Belkin.48DD
    Security WPA-Personal ( PSK )
    UPnP Enabled
    Remote Management Disabled
    WPS Enabled
    Guest Access Enabled
    SSID Belkin.48DD.guests
    Password/PSK 2B38B53842

    ++++++++++++++++++++++++++++
    So, I was looking at what it would take to change that. On my router I can click on any of the line items (above) to go into another page for the set up of that item. (probably all similar? but I have no clue). So if I click on the DNS address above I go to the set up page for that and this is what I see:
    ==================
    WAN > DNS

    If your ISP provided you with a specific DNS address to use, enter the address in this window and click "Apply Changes" .

    Automatic from ISP

    DNS Address > 213.109.67.25 . . .

    Secondary DNS Address > 213.109.76.134 . . .

    DNS = Domain Name Server. A server located on the Internet that translates URL's (Universal Resource Links) like www.belkin.com to IP addresses.You must enter the DNS settings provided by your ISP if you don't use the Automatic DNS function More Info
    +++++++++++++++++++++++++++++++++
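
Added example, not part of the original thread or any poster's code: the posts above show why the hijack was invisible on the PC (`ipconfig /all` lists only the router, 192.168.2.1, as DNS server) while the router's WAN > DNS page held the rogue resolvers. This Python sketch checks both views against a trusted list; the function names, the `TRUSTED_UPSTREAM` value and the trimmed sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Constructed samples, trimmed from the ipconfig output and router pages
# posted in this thread.
IPCONFIG_ALL = """\
Ethernet adapter Local Area Connection:
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1
"""
ROUTER_PAGES = """\
WAN IP 10.100.2.83
Default Gateway 10.100.0.1
DNS Address 213.109.67.25
Secondary DNS Address > 213.109.76.134
"""
# Assumption: the resolver the ISP hands out. The thread never states it,
# so this value is a placeholder to replace with your ISP's real resolvers.
TRUSTED_UPSTREAM = {"10.100.0.1"}


def host_view(ipconfig_text):
    """Return (default_gateways, dns_servers) parsed from `ipconfig /all`."""
    gateways = re.findall(r"Default Gateway[ .]*:\s*" + IP, ipconfig_text)
    dns, collecting = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*" + IP + r"\s*$", line)
        more = re.fullmatch(r"\s*" + IP + r"\s*", line)
        if first:
            dns.append(first.group(1))
            collecting = True
        elif collecting and more:      # extra servers sit on their own lines
            dns.append(more.group(1))
        elif line.strip():
            collecting = False
    return gateways, dns


def router_upstream_dns(router_text):
    """Return the WAN-side DNS addresses shown on the router pages, in order."""
    found = re.findall(r"DNS Address\s*>?\s*" + IP, router_text)
    return list(dict.fromkeys(found))  # de-duplicate, keep order


def audit(ipconfig_text, router_text, trusted):
    """Return (severity, ip, reason) tuples for both views of DNS."""
    findings = []
    gateways, host_dns = host_view(ipconfig_text)
    for ip in host_dns:
        if ip in gateways:
            findings.append(("info", ip, "host resolves via the router; "
                             "upstream DNS is not visible in ipconfig"))
        elif ip not in trusted:
            findings.append(("alert", ip, "host DNS is neither the router "
                             "nor a trusted resolver"))
    for ip in router_upstream_dns(router_text):
        if ip not in trusted:
            scope = "private" if ipaddress.ip_address(ip).is_private else "public"
            findings.append(("alert", ip, f"router upstream DNS ({scope}) "
                             "is not a trusted resolver"))
    return findings


if __name__ == "__main__":
    for severity, ip, reason in audit(IPCONFIG_ALL, ROUTER_PAGES, TRUSTED_UPSTREAM):
        print(f"{severity:5} {ip:15} {reason}")
```

On the sample data the host check yields only an informational finding, and both alerts come from the router pages, which is where the problem in this thread was eventually found.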
  15. Mister Ed Newcomer, in training

    I have since deleted the two Russian dns and clicked on the box 'Automatic from ISP'. And reset the router.

    I no longer see the two Russian DNS entries. And I have seen no redirects or pop-ups in some limited testing (but actually using the same google search as I had been ... clicking on the same links).

    So ... how to keep this from happening again to the router?

    Will pick up from where I left off in the earlier thread (on the computer) setting the restore point etc (by the Mr. Clean pic).
  16. Mister Ed Newcomer, in training

    Log after running OTL setting the new restore point:
    =======
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ed Schaar
    ->Temp folder emptied: 221272 bytes
    ->Temporary Internet Files folder emptied: 12585609 bytes
    ->Java cache emptied: 13291 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1031 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Ed Schaar
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.21.0 log created on 02262011_123154

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\P391SIIF\sh32[1].html not found!
    File\Folder C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\MB829HG6\crosspixel-dest[1].htm not found!
    C:\Documents and Settings\Ed Schaar\Local Settings\Temporary Internet Files\Content.IE5\MB829HG6\topic161631-2[1].html moved successfully.

    Registry entries deleted on Reboot...
  17. Broni Malware Annihilator

    Good job :)

    Router infection/hijack is always an offspring of some infection.
    If you keep your computer clean, your router will stay healthy.

    In any case....

    Way to go!! [IMG]
    Good luck and stay safe :)
  18. Mister Ed Newcomer, in training

    And thank you very much for the help!!!
  19. Broni Malware Annihilator

    And you're very welcome :)