Solved Help removing malware?

Status
Not open for further replies.

merenwen

Posts: 35   +0
Hi there! You guys helped me remove malware (I think rootkit) over the summer, and that was a lifesaver! Well... here I am again with the exact same issue. Google searches are redirecting me to random sites.

Also, this time there have been two other issues that have gone on for longer and which I've stupidly ignored:
1) A few websites, such as meebo.com, won't work at all. I'll get an error message "server not found." A very helpful meebo employee gave me a direct ip address to go to and said there was something wrong with my DNS server which wasn't redirecting certain URLs properly.
2) Very randomly, when using the internet, a new window (not tab) in Firefox opens up with more spammy type of sites. This is different from the above-mentioned problem, where it's only happening when I google and opens up in the same tab. Also, these spammy sites all say google-analytics or something similar.

I don't know if these 3 issues are related and if you can help with them all, but I know that the first problem is the exact one I had in the summer, and you were able to help with that.

My logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5612

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2011 9:28:42 PM
mbam-log-2011-01-26 (21-28-42).txt

Scan type: Quick scan
Objects scanned: 143098
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-26 21:39:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD161HJ rev.JF100-22
Running: ghv9bqve.exe; Driver: C:\DOCUME~1\****\LOCALS~1\Temp\fxdyqfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

---------------------------------------


DDS (Ver_10-12-12.02) - NTFSx86
Run by **** at 21:55:04.84 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1179 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\****\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\****\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\****\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.level2iaas.com/XTSAC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\****\applic~1\mozilla\firefox\profiles\0fq2dssd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2445525&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\****\application data\mozilla\firefox\profiles\0fq2dssd.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - %profile%\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate1ca1bc6c8bc7930;Google Update Service (gupdate1ca1bc6c8bc7930);c:\program files\google\update\GoogleUpdate.exe [2009-8-12 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

=============== Created Last 30 ================

2011-01-03 15:01:13 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-03 14:58:40 -------- d-----w- c:\docume~1\****\locals~1\applic~1\Sunbelt Software
2011-01-03 02:02:17 -------- d-----w- c:\docume~1\****\applic~1\AVG10
2011-01-03 01:55:33 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-03 01:54:17 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-03 01:54:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-03 00:30:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-02 16:52:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

==================== Find3M ====================

2011-01-03 15:02:36 26112 ----a-w- c:\windows\system32\userinit.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2008-01-20 22:05:44 2625445 ----a-w- c:\program files\klcodec365b.exe

============= FINISH: 21:55:40.28 ===============

----------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2008 11:39:09 AM
System Uptime: 1/26/2011 9:20:30 PM (0 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2194/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 14.395 GiB free.
D: is CDROM (UDF)
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX860 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX860 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam

==== System Restore Points ===================

RP72: 10/29/2010 3:56:59 AM - System Checkpoint
RP73: 10/30/2010 3:57:08 AM - System Checkpoint
RP74: 10/31/2010 5:09:10 AM - System Checkpoint
RP75: 11/1/2010 5:45:10 AM - System Checkpoint
RP76: 11/2/2010 6:57:09 AM - System Checkpoint
RP77: 11/3/2010 8:05:29 AM - System Checkpoint
RP78: 11/4/2010 8:06:08 AM - System Checkpoint
RP79: 11/5/2010 9:57:13 AM - System Checkpoint
RP80: 11/6/2010 10:11:24 AM - System Checkpoint
RP81: 11/7/2010 10:31:34 AM - System Checkpoint
RP82: 11/8/2010 11:11:24 AM - System Checkpoint
RP83: 11/9/2010 12:08:45 PM - System Checkpoint
RP84: 11/10/2010 3:00:17 AM - Software Distribution Service 3.0
RP85: 11/11/2010 3:26:59 AM - System Checkpoint
RP86: 11/12/2010 5:00:18 AM - System Checkpoint
RP87: 11/13/2010 5:10:28 AM - System Checkpoint
RP88: 11/14/2010 5:12:53 AM - System Checkpoint
RP89: 11/15/2010 6:24:26 AM - System Checkpoint
RP90: 11/16/2010 8:15:27 AM - System Checkpoint
RP91: 11/17/2010 8:32:43 AM - System Checkpoint
RP92: 11/18/2010 9:09:06 AM - System Checkpoint
RP93: 11/19/2010 9:43:38 AM - System Checkpoint
RP94: 11/20/2010 10:43:38 AM - System Checkpoint
RP95: 11/21/2010 11:43:40 AM - System Checkpoint
RP96: 11/22/2010 12:43:38 PM - System Checkpoint
RP97: 11/23/2010 1:31:38 PM - System Checkpoint
RP98: 11/24/2010 1:43:38 PM - System Checkpoint
RP99: 11/25/2010 1:44:12 PM - System Checkpoint
RP100: 11/26/2010 2:36:23 PM - System Checkpoint
RP101: 11/27/2010 2:44:13 PM - System Checkpoint
RP102: 11/28/2010 3:44:13 PM - System Checkpoint
RP103: 11/29/2010 9:26:32 PM - System Checkpoint
RP104: 11/30/2010 9:44:03 PM - System Checkpoint
RP105: 12/1/2010 10:04:04 PM - System Checkpoint
RP106: 12/2/2010 11:23:42 PM - System Checkpoint
RP107: 12/3/2010 11:56:26 PM - System Checkpoint
RP108: 12/5/2010 12:57:39 AM - System Checkpoint
RP109: 12/6/2010 1:05:41 AM - System Checkpoint
RP110: 12/7/2010 1:06:24 AM - System Checkpoint
RP111: 12/8/2010 2:06:39 AM - System Checkpoint
RP112: 12/9/2010 3:06:39 AM - System Checkpoint
RP113: 12/10/2010 5:07:10 AM - System Checkpoint
RP114: 12/11/2010 5:18:40 AM - System Checkpoint
RP115: 12/12/2010 5:24:00 AM - System Checkpoint
RP116: 12/13/2010 6:06:40 AM - System Checkpoint
RP117: 12/14/2010 7:09:19 AM - System Checkpoint
RP118: 12/15/2010 3:00:26 AM - Software Distribution Service 3.0
RP119: 12/16/2010 2:19:14 PM - System Checkpoint
RP120: 12/17/2010 3:20:16 PM - System Checkpoint
RP121: 12/18/2010 3:00:13 AM - Software Distribution Service 3.0
RP122: 12/19/2010 3:17:35 AM - System Checkpoint
RP123: 1/1/2007 12:25:31 AM - System Checkpoint
RP124: 12/19/2010 12:25:13 PM - System Checkpoint
RP125: 12/20/2010 1:03:44 PM - System Checkpoint
RP126: 12/21/2010 1:29:44 PM - System Checkpoint
RP127: 12/22/2010 3:09:07 PM - System Checkpoint
RP128: 12/23/2010 3:53:02 PM - System Checkpoint
RP129: 12/24/2010 4:30:53 PM - System Checkpoint
RP130: 12/25/2010 4:41:47 PM - System Checkpoint
RP131: 12/26/2010 6:35:43 PM - System Checkpoint
RP132: 12/27/2010 6:39:07 PM - System Checkpoint
RP133: 1/1/2007 1:16:53 AM - System Checkpoint
RP134: 12/28/2010 5:29:56 PM - System Checkpoint
RP135: 12/29/2010 9:17:00 PM - System Checkpoint
RP136: 12/30/2010 11:32:32 PM - System Checkpoint
RP137: 1/1/2011 12:08:30 AM - System Checkpoint
RP138: 1/2/2011 12:29:15 AM - System Checkpoint
RP139: 1/2/2011 8:53:41 PM - Installed AVG 2011
RP140: 1/2/2011 8:54:03 PM - Installed AVG 2011
RP141: 1/4/2011 12:00:28 AM - System Checkpoint
RP142: 1/5/2011 12:32:31 AM - System Checkpoint
RP143: 1/6/2011 10:05:35 AM - System Checkpoint
RP144: 1/7/2011 11:17:03 AM - System Checkpoint
RP145: 1/8/2011 7:59:20 PM - System Checkpoint
RP146: 1/9/2011 2:53:40 PM - Removed Logitech Vid.
RP147: 1/10/2011 3:22:03 PM - System Checkpoint
RP148: 1/11/2011 4:39:28 PM - System Checkpoint
RP149: 1/12/2011 3:00:17 AM - Software Distribution Service 3.0
RP150: 1/13/2011 3:11:51 AM - System Checkpoint
RP151: 1/14/2011 4:11:51 AM - System Checkpoint
RP152: 1/15/2011 8:13:52 PM - System Checkpoint
RP153: 1/16/2011 8:14:40 PM - System Checkpoint
RP154: 1/17/2011 10:37:42 AM - Removed Bonjour
RP155: 1/18/2011 11:31:09 AM - System Checkpoint
RP156: 1/19/2011 4:38:42 PM - System Checkpoint
RP157: 1/20/2011 4:46:03 PM - System Checkpoint
RP158: 1/21/2011 5:11:08 PM - System Checkpoint
RP159: 1/22/2011 7:22:27 PM - System Checkpoint
RP160: 1/23/2011 7:28:17 PM - System Checkpoint
RP161: 1/24/2011 8:29:32 PM - System Checkpoint
RP162: 1/25/2011 9:42:34 PM - System Checkpoint

==== Installed Programs ======================

ABC (remove only)
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP Navigator EX 2.1
Canon MP210 series
Canon MP210 series User Registration
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (remove only)
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
doPDF 6.0 printer
DVD Flick
FrostWire 4.21.1
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 3.6.5 Basic
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Prism Video Converter
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio MyDVD DE
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Switch Sound File Converter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Usmleworld Step2 QBank V2
VC80CRTRedist - 8.0.50727.4053
VideoCam Suite
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/26/2011 9:38:25 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D097DF82A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/26/2011 9:18:28 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
1/26/2011 9:18:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/26/2011 9:18:28 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/26/2011 9:18:28 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/23/2011 10:22:59 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.

==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks so much! You asked that I keep you posted on the state of my computer. I haven't tried a google search yet, but I already see the google-analytics thing happening.

Here are my logs:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA338000 cercsr6.sys
0xB9F19000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EF9000 fltmgr.sys
0xB9EE7000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9ED0000 KSecDD.sys
0xB9EBD000 WudfPf.sys
0xB9E30000 Ntfs.sys
0xB9E03000 NDIS.sys
0xB9DE9000 Mup.sys
0xBA340000 avgrkx86.sys
0xBA108000 AVGIDSEH.Sys
0xB9686000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB89E0000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB89CC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8967000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB893F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA488000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9676000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9666000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9656000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB891C000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA490000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA7EA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9646000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA588000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8905000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9636000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9626000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB88F4000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9616000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9606000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA380000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8896000 \SystemRoot\system32\DRIVERS\update.sys
0xBA598000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA388000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA168000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5DE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA82A9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8285000 \SystemRoot\system32\drivers\portcls.sys
0xBA178000 \SystemRoot\system32\drivers\drmk.sys
0xBA188000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xBA5E2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA745000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA5E6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA822A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA81D1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA81AB000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8163000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA568000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA56C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA574000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA580000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA8113000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA80F1000 \SystemRoot\System32\drivers\afd.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA80C6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8056000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA79E6000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xBA1E8000 \SystemRoot\system32\drivers\usbaudio.sys
0xA79A6000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xA796A000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xA78B9000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA78A1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA612000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7946000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA719000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA7781000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA747C000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA2E8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6E0F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6ECC000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA6C9F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7811000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA6B37000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA6B13000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA6777000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA658E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA6130000 \??\C:\DOCUME~1\****\LOCALS~1\Temp\fxdyqfob.sys
0xA6074000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA438000 \??\C:\DOCUME~1\****\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
860 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1112 C:\WINDOWS\system32\svchost.exe
1184 svchost.exe
1280 C:\WINDOWS\system32\svchost.exe
1320 C:\WINDOWS\system32\svchost.exe
1380 svchost.exe
1476 svchost.exe
1672 C:\WINDOWS\system32\spoolsv.exe
1904 C:\WINDOWS\explorer.exe
216 C:\WINDOWS\system32\hkcmd.exe
224 C:\WINDOWS\system32\igfxpers.exe
272 C:\WINDOWS\RTHDCPL.exe
280 C:\WINDOWS\system32\igfxsrvc.exe
308 C:\Program Files\Common Files\Java\Java Update\jusched.exe
416 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
424 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
432 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
448 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
492 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
608 C:\Program Files\iTunes\iTunesHelper.exe
824 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
836 C:\WINDOWS\system32\ctfmon.exe
828 C:\Program Files\Logitech\Vid HD\Vid.exe
1388 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1420 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2172 svchost.exe
2204 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2336 C:\Program Files\Java\jre6\bin\jqs.exe
2388 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
2692 C:\WINDOWS\system32\svchost.exe
3988 C:\Program Files\iPod\bin\iPodService.exe
3408 alg.exe
2848 C:\WINDOWS\system32\svchost.exe
2584 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3200 C:\Program Files\Mozilla Firefox\firefox.exe
1580 C:\Program Files\Mozilla Firefox\plugin-container.exe
1132 C:\Program Files\AVG\AVG10\avgtray.exe
2628 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3232 C:\Program Files\AVG\AVG10\avgwdsvc.exe
3596 C:\Program Files\AVG\AVG10\avgrsx.exe.old
184 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3992 C:\Program Files\AVG\AVG10\avgchsvx.exe
2624 C:\Program Files\AVG\AVG10\avgnsx.exe
2240 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
6020 C:\Documents and Settings\****\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD161HJ, Rev: JF100-22

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

----------------------------------------------------

ComboFix 11-01-27.02 - **** 01/27/2011 21:07:21.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1552 [GMT -5:00]
Running from: c:\documents and settings\****\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-03 15:01 . 2011-01-03 15:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-03 14:58 . 2011-01-03 14:58 -------- d-----w- c:\documents and settings\****\Local Settings\Application Data\Sunbelt Software
2011-01-03 01:55 . 2011-01-03 01:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-03 01:54 . 2011-01-28 01:56 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-02 16:52 . 2011-01-02 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-03 15:02 . 2004-08-04 10:00 26112 ----a-w- c:\windows\system32\userinit.exe
2010-12-20 23:09 . 2007-01-01 01:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2007-01-01 01:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-01-20 16:35 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-01-20 22:05 . 2008-01-20 22:05 2625445 ----a-w- c:\program files\klcodec365b.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-08 202256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\****\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2010-10-18 3656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-3-25 25214]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28403:TCP"= 28403:TCP:LimeWire1
"17563:TCP"= 17563:TCP:abc1
"6346:TCP"= 6346:TCP:Limewire2
"11095:TCP"= 11095:TCP:limewire 4.16.7

S2 gupdate1ca1bc6c8bc7930;Google Update Service (gupdate1ca1bc6c8bc7930);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2009 10:33 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 03:32]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 03:32]

2011-01-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-220523388-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2011-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-220523388-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2445525&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.type - 0
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - %profile%\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-01-27 21:19:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-28 02:19

Pre-Run: 15,706,386,432 bytes free
Post-Run: 15,693,336,576 bytes free

- - End Of File - - 9D0C8148F71E463B19C6B3088BC0C8B9
 
Thank you for the update :)

Both logs look fine.

Which browser is affected?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Wow, you're fast! I really appreciate this!

The affected browser is Firefox, but I haven't tried IE or Chrome at all. Should I?

Here are the logs (I had to split it between 2 posts):

OTL logfile created on: 1/27/2011 10:01:24 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 5120 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 14.63 Gb Free Space | 9.82% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/08 18:03:36 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



IE - HKU\S-1-5-21-1757981266-220523388-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1757981266-220523388-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "farm helper Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2445525&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 21:27:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 10:38:27 | 000,000,000 | ---D | M]

[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions
[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/27 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions
[2010/09/28 06:24:37 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/05 21:28:35 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/10/15 17:24:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/05/03 06:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2008/01/20 12:51:23 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2011/01/04 15:14:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 18:47:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/04 19:34:37 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/13 00:44:46 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\searchplugins\conduit.xml
[2011/01/05 21:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/02 02:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/01/27 21:12:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1757981266-220523388-839522115-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\****\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-220523388-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.level2iaas.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.249 213.109.75.133
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/20 11:37:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 21:59:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2011/01/27 21:04:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/27 21:04:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/27 21:04:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/27 21:04:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/27 21:04:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/17 10:37:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\2011_01_13
[2011/01/06 13:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\Incomplete
[2011/01/03 10:01:13 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/01/03 09:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\Sunbelt Software
[2011/01/02 20:55:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/02 20:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/01/02 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/01/20 17:05:31 | 002,625,445 | ---- | C] ( ) -- C:\Program Files\klcodec365b.exe

========== Files - Modified Within 30 Days ==========

[2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2011/01/27 21:12:51 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/01/27 21:12:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 21:12:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/27 21:12:39 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 21:12:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/27 20:43:12 | 004,262,472 | R--- | M] () -- C:\Documents and Settings\****\Desktop\ComboFix.exe
[2011/01/27 20:41:03 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\****\Desktop\MBRCheck.exe
[2011/01/27 20:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/27 12:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 00:50:15 | 000,187,206 | ---- | M] () -- C:\Documents and Settings\****\Desktop\j13m79 edited.JPG
[2011/01/27 00:45:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Word.lnk
[2011/01/27 00:44:35 | 000,173,305 | ---- | M] () -- C:\Documents and Settings\****\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | M] () -- C:\Documents and Settings\****\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ghv9bqve.exe
[2011/01/26 21:20:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/01/26 21:20:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/01/26 08:45:31 | 000,261,508 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG.jpg
[2011/01/25 10:01:02 | 001,130,018 | ---- | M] () -- C:\Documents and Settings\****\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | M] () -- C:\Documents and Settings\****\Desktop\lutherna general edited.docx
[2011/01/24 22:21:56 | 000,012,152 | ---- | M] () -- C:\Documents and Settings\****\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | M] () -- C:\Documents and Settings\****\Desktop\a.jpg
[2011/01/24 13:20:59 | 000,377,798 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0796.JPG
[2011/01/24 12:52:35 | 000,048,731 | ---- | M] () -- C:\Documents and Settings\****\Desktop\image.jpg
[2011/01/24 11:52:56 | 004,622,557 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0811.JPG
[2011/01/24 11:20:27 | 000,919,154 | ---- | M] () -- C:\Documents and Settings\****\Desktop\untitled.bmp
[2011/01/24 11:07:30 | 004,972,024 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0816.JPG
[2011/01/24 11:06:50 | 004,048,350 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0807.JPG
[2011/01/24 11:06:41 | 004,601,044 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0805.JPG
[2011/01/24 11:06:14 | 005,714,990 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0787.JPG
[2011/01/24 11:05:43 | 004,316,512 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0802.JPG
[2011/01/24 11:05:31 | 004,327,521 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0801.JPG
[2011/01/24 11:05:04 | 003,519,957 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0799.JPG
[2011/01/24 11:00:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 10:45:36 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Excel.lnk
[2011/01/24 07:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/20 23:20:48 | 000,012,651 | ---- | M] () -- C:\Documents and Settings\****\Desktop\cohens edited.docx
[2011/01/18 12:45:27 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Book1.xls
[2011/01/16 23:56:43 | 000,668,068 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMG_0671.JPG
[2011/01/15 18:05:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/03 10:01:13 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

========== Files Created - No Company Name ==========

[2011/01/27 21:04:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/27 21:04:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/27 21:04:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/27 21:04:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/27 21:04:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/27 20:42:56 | 004,262,472 | R--- | C] () -- C:\Documents and Settings\****\Desktop\ComboFix.exe
[2011/01/27 20:41:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\****\Desktop\MBRCheck.exe
[2011/01/27 00:50:15 | 000,187,206 | ---- | C] () -- C:\Documents and Settings\****\Desktop\j13m79 edited.JPG
[2011/01/27 00:44:35 | 000,173,305 | ---- | C] () -- C:\Documents and Settings\****\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\****\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\****\Desktop\ghv9bqve.exe
[2011/01/26 08:28:23 | 000,261,508 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG.jpg
[2011/01/25 10:01:01 | 001,130,018 | ---- | C] () -- C:\Documents and Settings\****\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | C] () -- C:\Documents and Settings\****\Desktop\lutherna general edited.docx
[2011/01/24 22:21:55 | 000,012,152 | ---- | C] () -- C:\Documents and Settings\****\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | C] () -- C:\Documents and Settings\****\Desktop\a.jpg
[2011/01/24 12:52:35 | 000,048,731 | ---- | C] () -- C:\Documents and Settings\****\Desktop\image.jpg
[2011/01/24 11:15:54 | 000,919,154 | ---- | C] () -- C:\Documents and Settings\****\Desktop\untitled.bmp
[2011/01/24 11:07:28 | 004,972,024 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0816.JPG
[2011/01/24 11:07:09 | 004,622,557 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0811.JPG
[2011/01/24 11:06:49 | 004,048,350 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0807.JPG
[2011/01/24 11:06:40 | 004,601,044 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0805.JPG
[2011/01/24 11:06:27 | 000,377,798 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0796.JPG
[2011/01/24 11:06:12 | 005,714,990 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0787.JPG
[2011/01/24 11:05:42 | 004,316,512 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0802.JPG
[2011/01/24 11:05:30 | 004,327,521 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0801.JPG
[2011/01/24 11:03:51 | 003,519,957 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0799.JPG
[2011/01/20 23:20:48 | 000,012,651 | ---- | C] () -- C:\Documents and Settings\****\Desktop\cohens edited.docx
[2011/01/18 12:45:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Book1.xls
[2011/01/16 23:55:39 | 000,668,068 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMG_0671.JPG
[2011/01/11 10:17:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 15:31:04 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/18 18:32:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/20 17:06:09 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/20 11:53:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/20 11:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/20 06:17:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/03/27 18:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/07 10:40:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/02 20:55:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/26 21:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/10/11 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/17 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2006/12/31 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/11 18:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/08 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/01/20 14:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\.ABC
[2010/08/05 22:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Amazon
[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Broderbund
[2010/12/07 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Canon
[2009/06/23 17:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\FireShot
[2011/01/06 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\FrostWire
[2009/12/06 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Gleim
[2008/01/20 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Grisoft
[2009/10/13 19:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\gtk-2.0
[2010/03/17 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Lala Music Mover
[2010/04/23 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Leadertech
[2009/01/19 19:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\NCH Swift Sound
[2009/06/17 19:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Nitro PDF
[2009/10/25 10:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Opera
[2008/08/03 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Panasonic
[2008/05/09 06:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Snapfish
[2010/07/16 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 11:37:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/05 20:07:12 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/08/10 23:27:38 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/01/27 21:19:12 | 000,011,669 | ---- | M] () -- C:\ComboFix.txt
[2008/01/20 11:37:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/01/20 11:37:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/07 21:55:12 | 000,000,359 | -H-- | M] () -- C:\IPH.PH
[2010/08/12 19:49:15 | 000,012,057 | ---- | M] () -- C:\JavaRa.log
[2008/01/20 11:37:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/30 20:17:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/27 21:12:34 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2011/01/02 20:36:41 | 000,035,872 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_02.01.2011_20.36.26_log.txt
[2011/01/06 12:55:56 | 000,038,274 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_06.01.2011_12.55.39_log.txt
[2011/01/26 20:01:28 | 000,037,282 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_26.01.2011_20.01.09_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/01/20 11:37:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/19 00:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8S.DLL
[2008/10/26 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9N.DLL
[2007/03/19 00:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8S.DLL
[2008/10/26 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9N.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 17:05:44 | 002,625,445 | ---- | M] ( ) -- C:\Program Files\klcodec365b.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 06:15:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/20 06:15:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/20 06:15:42 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/30 20:21:57 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/31 06:21:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/08/31 06:21:55 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/27 20:43:12 | 004,262,472 | R--- | M] () -- C:\Documents and Settings\****\Desktop\ComboFix.exe
[2011/01/26 21:35:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ghv9bqve.exe
[2011/01/27 20:41:03 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\****\Desktop\MBRCheck.exe
[2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/31 06:21:55 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\****\Favorites\Desktop.ini
[2010/03/03 00:11:50 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\****\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/27 21:19:35 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\****\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 1/27/2011 10:01:24 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 5120 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 14.63 Gb Free Space | 9.82% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"28403:TCP" = 28403:TCP:*:Enabled:LimeWire1
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"17563:TCP" = 17563:TCP:*:Enabled:abc1
"6346:TCP" = 6346:TCP:*:Enabled:Limewire2
"11095:TCP" = 11095:TCP:*:Enabled:limewire 4.16.7

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F638781-7754-411F-974C-F20F27292E24}" = VideoCam Suite
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"ABC" = ABC (remove only)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"doPDF 6 printer_is1" = doPDF 6.0 printer
"DVD Flick_is1" = DVD Flick
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.1
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Basic
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Prism" = Prism Video Converter
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-220523388-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Usmleworld Step2 QBank V2" = Usmleworld Step2 QBank V2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2011 5:18:02 AM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 5:18:02 AM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 5:22:41 AM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/27/2011 9:44:18 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/27/2011 9:44:20 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 9:48:49 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/27/2011 9:54:47 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/27/2011 9:54:48 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 9:55:57 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/27/2011 9:55:57 PM | Computer Name = **** | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ OSession Events ]
Error - 8/19/2009 11:36:34 PM | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 54 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/12/2010 7:21:37 AM | Computer Name = **** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39524
seconds with 1320 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/17/2011 11:37:56 AM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/23/2011 11:22:59 AM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 1/26/2011 10:18:28 PM | Computer Name = **** | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/26/2011 10:18:28 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/26/2011 10:18:28 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/26/2011 10:18:28 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 1/26/2011 10:21:46 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 1/26/2011 10:38:25 PM | Computer Name = **** | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001D097DF82A. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1/27/2011 10:01:27 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 1/27/2011 10:03:53 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
 
but I haven't tried IE or Chrome at all. Should I?
Yes. I need to know.

You can reinstall your AVG now.

I'll need to know, what stands behind "****" as a user name.
Otherwise I can't create fix script.
 
Ok, in all three browsers, when I opened up the link to this very thread from my Gmail account, it redirected. In Firefox, it opened up a new window with the spam, and in Chrome and IE, it redirected in the same tab as this thread was starting to load. In IE, I suddenly had this pop up:

30bfyb7.jpg


Sorry about blocking my username - I'm so paranoid about privacy! It's SHAINA - I guess I'll edit it out of this thread once everything is fixed, if that's ok!
 
I can see, your DNS has bee hijacked.
We'll try to fix it using OTL. It may not work, but we have to try it first.

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    FF - prefs.js..browser.search.defaultthis.engineName: "farm helper Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2445525&SearchSource=3&q={searchTerms}"
    [2009/11/13 00:44:46 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\SHAINA\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\searchplugins\conduit.xml
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.249 213.109.75.133
    [2011/01/03 10:01:13 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/01/03 09:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SHAINA\Local Settings\Application Data\Sunbelt Software
    [2011/01/03 10:01:13 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2009/03/26 21:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
Ok, I see the google-analytics thing is still happening.

I updated Java and removed old versions.

(By the way, I'm having the same problem on my laptop. I guess the fact that the computers are connected with the router means they'll have the same problems. Will I need to start a new thread to work on the laptop, or will fixing the problem on this computer solve everything?

Here are the logs:

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "farm helper Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2445525&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\searchplugins\conduit.xml moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\WINDOWS\system32\drivers\SBREDrv.sys moved successfully.
C:\Documents and Settings\SHAINA\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine folder moved successfully.
C:\Documents and Settings\SHAINA\Local Settings\Application Data\Sunbelt Software\CounterSpy folder moved successfully.
C:\Documents and Settings\SHAINA\Local Settings\Application Data\Sunbelt Software folder moved successfully.
File C:\WINDOWS\System32\drivers\SBREDrv.sys not found.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Shaina\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Shaina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Shaina
->Temp folder emptied: 10128075 bytes
->Temporary Internet Files folder emptied: 192043 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 45110515 bytes
->Google Chrome cache emptied: 8640857 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2747 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Shaina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01272011_231202

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

-------------------------

OTL logfile created on: 1/27/2011 11:16:18 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Shaina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 5120 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 14.62 Gb Free Space | 9.81% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ARONHOMEPC | User Name: Shaina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
PRC - [2011/01/02 19:19:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/02 19:19:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/08 18:03:36 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2004/12/14 03:44:16 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 21:27:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 10:38:27 | 000,000,000 | ---D | M]

[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Extensions
[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/27 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions
[2010/09/28 06:24:37 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/05 21:28:35 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/10/15 17:24:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/05/03 06:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2008/01/20 12:51:23 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2011/01/04 15:14:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 18:47:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/04 19:34:37 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/01/27 23:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/27 23:07:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/09/02 02:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/01/27 21:12:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Shaina\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.level2iaas.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.249 213.109.75.133
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shaina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shaina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/20 11:37:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 23:12:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/27 23:12:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/27 21:59:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
[2011/01/27 21:04:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/27 21:04:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/27 21:04:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/27 21:04:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/27 21:04:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shaina\Desktop\2011_01_13
[2011/01/06 13:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shaina\Desktop\Incomplete
[2011/01/02 20:55:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/02 20:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/01/02 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/01/20 17:05:31 | 002,625,445 | ---- | C] ( ) -- C:\Program Files\klcodec365b.exe

========== Files - Modified Within 30 Days ==========

[2011/01/27 23:14:08 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/01/27 23:13:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/27 23:13:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 23:13:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/27 23:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/27 22:46:09 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\untitled.bmp
[2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
[2011/01/27 21:12:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 20:43:12 | 004,262,472 | R--- | M] () -- C:\Documents and Settings\Shaina\Desktop\ComboFix.exe
[2011/01/27 20:41:03 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\MBRCheck.exe
[2011/01/27 12:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 00:50:15 | 000,187,206 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\j13m79 edited.JPG
[2011/01/27 00:45:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Word.lnk
[2011/01/27 00:44:35 | 000,173,305 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\ghv9bqve.exe
[2011/01/26 21:20:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/01/26 21:20:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/01/26 08:45:31 | 000,261,508 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG.jpg
[2011/01/25 10:01:02 | 001,130,018 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\lutherna general edited.docx
[2011/01/24 22:21:56 | 000,012,152 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\a.jpg
[2011/01/24 13:20:59 | 000,377,798 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0796.JPG
[2011/01/24 12:52:35 | 000,048,731 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\image.jpg
[2011/01/24 11:52:56 | 004,622,557 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0811.JPG
[2011/01/24 11:07:30 | 004,972,024 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0816.JPG
[2011/01/24 11:06:50 | 004,048,350 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0807.JPG
[2011/01/24 11:06:41 | 004,601,044 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0805.JPG
[2011/01/24 11:06:14 | 005,714,990 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0787.JPG
[2011/01/24 11:05:43 | 004,316,512 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0802.JPG
[2011/01/24 11:05:31 | 004,327,521 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0801.JPG
[2011/01/24 11:05:04 | 003,519,957 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0799.JPG
[2011/01/24 11:00:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Shaina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 10:45:36 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Excel.lnk
[2011/01/24 07:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/20 23:20:48 | 000,012,651 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\cohens edited.docx
[2011/01/18 12:45:27 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Book1.xls
[2011/01/16 23:56:43 | 000,668,068 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0671.JPG
[2011/01/15 18:05:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/01/27 21:04:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/27 21:04:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/27 21:04:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/27 21:04:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/27 21:04:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/27 20:42:56 | 004,262,472 | R--- | C] () -- C:\Documents and Settings\Shaina\Desktop\ComboFix.exe
[2011/01/27 20:41:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\MBRCheck.exe
[2011/01/27 00:50:15 | 000,187,206 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\j13m79 edited.JPG
[2011/01/27 00:44:35 | 000,173,305 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\ghv9bqve.exe
[2011/01/26 08:28:23 | 000,261,508 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG.jpg
[2011/01/25 10:01:01 | 001,130,018 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\lutherna general edited.docx
[2011/01/24 22:21:55 | 000,012,152 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\a.jpg
[2011/01/24 12:52:35 | 000,048,731 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\image.jpg
[2011/01/24 11:15:54 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\untitled.bmp
[2011/01/24 11:07:28 | 004,972,024 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0816.JPG
[2011/01/24 11:07:09 | 004,622,557 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0811.JPG
[2011/01/24 11:06:49 | 004,048,350 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0807.JPG
[2011/01/24 11:06:40 | 004,601,044 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0805.JPG
[2011/01/24 11:06:27 | 000,377,798 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0796.JPG
[2011/01/24 11:06:12 | 005,714,990 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0787.JPG
[2011/01/24 11:05:42 | 004,316,512 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0802.JPG
[2011/01/24 11:05:30 | 004,327,521 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0801.JPG
[2011/01/24 11:03:51 | 003,519,957 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0799.JPG
[2011/01/20 23:20:48 | 000,012,651 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\cohens edited.docx
[2011/01/18 12:45:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\Book1.xls
[2011/01/16 23:55:39 | 000,668,068 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0671.JPG
[2011/01/11 10:17:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Shaina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 15:31:04 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/18 18:32:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/20 17:06:09 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/20 11:53:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/20 11:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/20 06:17:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/03/27 18:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/07 10:40:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/02 20:55:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/11 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/17 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2006/12/31 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/11 18:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/08 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/01/20 14:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\.ABC
[2010/08/05 22:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Amazon
[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Broderbund
[2010/12/07 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Canon
[2009/06/23 17:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\FireShot
[2011/01/06 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\FrostWire
[2009/12/06 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Gleim
[2008/01/20 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Grisoft
[2009/10/13 19:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\gtk-2.0
[2010/03/17 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Lala Music Mover
[2010/04/23 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Leadertech
[2009/01/19 19:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\NCH Swift Sound
[2009/06/17 19:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Nitro PDF
[2009/10/25 10:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Opera
[2008/08/03 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Panasonic
[2008/05/09 06:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Snapfish
[2010/07/16 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
 
I'm having the same problem on my laptop. I guess the fact that the computers are connected with the router means they'll have the same problems. Will I need to start a new thread to work on the laptop, or will fixing the problem on this computer solve everything?
The redirection itself is definitely caused by infected router.
Fixing it should solve the problem for the other computer as well, but it won't hurt, if start new topic later, regarding the other computer.
When the router is infected some stuff may be creeping into your other computer too.

Now, we'll reset your router....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Check for redirections and post fresh OTL "Quick scan" log.
 
Ok, it seems to be fixed!! :)

I will check out my laptop and post a thread about it at some point over the weekend.

Here's the log:

OTL logfile created on: 1/27/2011 11:42:43 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Shaina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 5120 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 14.59 Gb Free Space | 9.79% Space Free | Partition Type: NTFS
Drive D: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ARONHOMEPC | User Name: Shaina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
PRC - [2011/01/02 19:19:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011/01/02 19:19:43 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/08 18:03:36 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/05/21 03:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (SafeList) ==========

MOD - [2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/16 21:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 21:27:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/17 10:38:27 | 000,000,000 | ---D | M]

[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Extensions
[2010/10/09 20:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/27 21:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions
[2010/09/28 06:24:37 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/05 21:28:35 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/10/15 17:24:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/05/03 06:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2008/01/20 12:51:23 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2011/01/04 15:14:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 18:47:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/04 19:34:37 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Shaina\Application Data\Mozilla\Firefox\Profiles\0fq2dssd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/01/27 23:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/27 23:07:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/09/02 02:00:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/01/27 21:12:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Shaina\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.level2iaas.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Shaina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shaina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/20 11:37:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 23:12:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/27 23:12:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/27 21:59:59 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
[2011/01/27 21:04:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/27 21:04:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/27 21:04:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/27 21:04:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/27 21:04:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 16:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shaina\Desktop\2011_01_13
[2011/01/06 13:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shaina\Desktop\Incomplete
[2011/01/02 20:55:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/02 20:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/01/02 11:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/01/20 17:05:31 | 002,625,445 | ---- | C] ( ) -- C:\Program Files\klcodec365b.exe

========== Files - Modified Within 30 Days ==========

[2011/01/27 23:34:24 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/01/27 23:34:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/27 23:34:22 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 23:34:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/27 23:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/27 22:46:09 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\untitled.bmp
[2011/01/27 22:00:01 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shaina\Desktop\OTL.exe
[2011/01/27 21:12:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 20:43:12 | 004,262,472 | R--- | M] () -- C:\Documents and Settings\Shaina\Desktop\ComboFix.exe
[2011/01/27 20:41:03 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\MBRCheck.exe
[2011/01/27 12:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-220523388-839522115-1004.job
[2011/01/27 00:50:15 | 000,187,206 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\j13m79 edited.JPG
[2011/01/27 00:45:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Word.lnk
[2011/01/27 00:44:35 | 000,173,305 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\ghv9bqve.exe
[2011/01/26 21:20:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/01/26 21:20:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/01/26 08:45:31 | 000,261,508 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG.jpg
[2011/01/25 10:01:02 | 001,130,018 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\lutherna general edited.docx
[2011/01/24 22:21:56 | 000,012,152 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\a.jpg
[2011/01/24 13:20:59 | 000,377,798 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0796.JPG
[2011/01/24 12:52:35 | 000,048,731 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\image.jpg
[2011/01/24 11:52:56 | 004,622,557 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0811.JPG
[2011/01/24 11:07:30 | 004,972,024 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0816.JPG
[2011/01/24 11:06:50 | 004,048,350 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0807.JPG
[2011/01/24 11:06:41 | 004,601,044 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0805.JPG
[2011/01/24 11:06:14 | 005,714,990 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0787.JPG
[2011/01/24 11:05:43 | 004,316,512 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0802.JPG
[2011/01/24 11:05:31 | 004,327,521 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0801.JPG
[2011/01/24 11:05:04 | 003,519,957 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0799.JPG
[2011/01/24 11:00:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Shaina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/24 10:45:36 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Excel.lnk
[2011/01/24 07:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/20 23:20:48 | 000,012,651 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\cohens edited.docx
[2011/01/18 12:45:27 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\Book1.xls
[2011/01/16 23:56:43 | 000,668,068 | ---- | M] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0671.JPG
[2011/01/15 18:05:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/01/27 21:04:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/27 21:04:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/27 21:04:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/27 21:04:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/27 21:04:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/27 20:42:56 | 004,262,472 | R--- | C] () -- C:\Documents and Settings\Shaina\Desktop\ComboFix.exe
[2011/01/27 20:41:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\MBRCheck.exe
[2011/01/27 00:50:15 | 000,187,206 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\j13m79 edited.JPG
[2011/01/27 00:44:35 | 000,173,305 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\j13m79.jpg
[2011/01/26 22:31:59 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\m7b0w3.gif
[2011/01/26 21:35:33 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\ghv9bqve.exe
[2011/01/26 08:28:23 | 000,261,508 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG.jpg
[2011/01/25 10:01:01 | 001,130,018 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\loestrin.bmp
[2011/01/24 23:09:46 | 000,016,696 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\lutherna general edited.docx
[2011/01/24 22:21:55 | 000,012,152 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\300 words edited.docx
[2011/01/24 13:49:56 | 000,039,409 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\a.jpg
[2011/01/24 12:52:35 | 000,048,731 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\image.jpg
[2011/01/24 11:15:54 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\untitled.bmp
[2011/01/24 11:07:28 | 004,972,024 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0816.JPG
[2011/01/24 11:07:09 | 004,622,557 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0811.JPG
[2011/01/24 11:06:49 | 004,048,350 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0807.JPG
[2011/01/24 11:06:40 | 004,601,044 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0805.JPG
[2011/01/24 11:06:27 | 000,377,798 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0796.JPG
[2011/01/24 11:06:12 | 005,714,990 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0787.JPG
[2011/01/24 11:05:42 | 004,316,512 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0802.JPG
[2011/01/24 11:05:30 | 004,327,521 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0801.JPG
[2011/01/24 11:03:51 | 003,519,957 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0799.JPG
[2011/01/20 23:20:48 | 000,012,651 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\cohens edited.docx
[2011/01/18 12:45:23 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\Book1.xls
[2011/01/16 23:55:39 | 000,668,068 | ---- | C] () -- C:\Documents and Settings\Shaina\Desktop\IMG_0671.JPG
[2011/01/11 10:17:26 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Shaina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 15:31:04 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2008/07/23 11:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/18 18:32:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/01/20 17:06:09 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/20 11:53:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/20 11:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/01/20 06:17:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/03/27 18:01:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/07 10:40:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/02 20:55:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/10/11 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/17 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2006/12/31 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/11 18:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/08 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/01/20 14:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\.ABC
[2010/08/05 22:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Amazon
[2008/03/18 22:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Broderbund
[2010/12/07 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Canon
[2009/06/23 17:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\FireShot
[2011/01/06 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\FrostWire
[2009/12/06 19:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Gleim
[2008/01/20 12:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Grisoft
[2009/10/13 19:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\gtk-2.0
[2010/03/17 08:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Lala Music Mover
[2010/04/23 15:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Leadertech
[2009/01/19 19:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\NCH Swift Sound
[2009/06/17 19:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Nitro PDF
[2009/10/25 10:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Opera
[2008/08/03 10:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Panasonic
[2008/05/09 06:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\Snapfish
[2010/07/16 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shaina\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
 
Looks good :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
The ESET scan was clear, yay!!

Here's the security check log:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Very well :)

You don't have any AV program running.
Please, install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

======================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Thank you!!

For some reason, Avast isn't working properly and is having trouble connecting to the server when it tries to run updates. Is that something you can help me with, or should I just uninstall and use another program? I don't really like Avira because of those annoying daily popups.

(Other than that, my computer is working perfectly!)

Here's the log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Shaina
->Temp folder emptied: 1354212 bytes
->Temporary Internet Files folder emptied: 144981 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63354612 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 862 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 364496 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Shaina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.6 log created on 01282011_125326

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
I've tried uninstalling and reinstalling 3 times, and each time I try to run updates it says "Error: Cannot connect to server."
 
Oooh, I went into Avast settings and changed the proxy settings. I don't know why I didn't try that before!

Thank you so much for all of your help (and patience)!! You are amazing!
 
Status
Not open for further replies.
Back