-
Hi,
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Services
:OTL
[2012/04/26 17:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\119CKROL.DEFAULT\EXTENSIONS\MQXABXKPOG@MQXABXKPOG.ORG.XPI
[2012/04/12 15:44:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
-
Hi Jeff,
Thanks again for taking your time with this. :)
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.MICHAEL-9L4P8YF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: michael delwarte
->Java cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 287553 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26778731 bytes
->Flash cache emptied: 1289 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 26.00 mb
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_143743
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
and here is the new scan log, :thanks:
OTL logfile created on: 5/2/2012 2:48:20 PM - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.99 Mb Total Physical Memory | 403.78 Mb Available Physical Memory | 39.82% Memory free
2.38 Gb Paging File | 1.96 Gb Available in Paging File | 82.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 43.04 Gb Free Space | 28.88% Space Free | Partition Type: NTFS
Computer Name: MICHAEL-9L4P8YF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\12050201\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows (R) Codename Longhorn DDK provider)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (STacSV) -- C:\WINDOWS\System32\stacsv.exe (IDT, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (iHCService) Intel(R) -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (ha10kx2k) -- system32\drivers\ha10kx2k.sys File not found
DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
DRV - (ctprxy2k) -- system32\drivers\ctprxy2k.sys File not found
DRV - (CTHWIUT.SYS) -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS File not found
DRV - (CTHWIUT) -- system32\drivers\CTHWIUT.SYS File not found
DRV - (CTEXFIFX.SYS) -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS File not found
DRV - (CTEXFIFX) -- system32\drivers\CTEXFIFX.SYS File not found
DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
DRV - (CTEDSPSY.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPSY) -- system32\drivers\CTEDSPSY.SYS File not found
DRV - (CTEDSPIO.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPIO) -- system32\drivers\CTEDSPIO.SYS File not found
DRV - (CTEDSPFX.SYS) -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEDSPFX) -- system32\drivers\CTEDSPFX.SYS File not found
DRV - (CTEAPSFX.SYS) -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS File not found
DRV - (CTEAPSFX) -- system32\drivers\CTEAPSFX.SYS File not found
DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
DRV - (ctaud2k) Creative Audio Driver (WDM) -- system32\drivers\ctaud2k.sys File not found
DRV - (ctac32k) -- system32\drivers\ctac32k.sys File not found
DRV - (CT20XUT.SYS) -- C:\WINDOWS\System32\drivers\CT20XUT.SYS File not found
DRV - (CT20XUT) -- system32\drivers\CT20XUT.SYS File not found
DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (NETGEAR, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) Intel(R) -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (SMBios) Intel (R) -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BrUsbScn) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKCU\..\SearchScopes\{43BA46F2-627A-4BED-8364-37ADC1A00FAE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{7D30BC5A-D1FA-43D4-8EC4-535813D28409}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{9F89937E-611A-4897-B6F5-89E1CCCD03EC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {fa1cfe8c-66b4-4469-b360-b60c79d70c28}:5.22.35.6030
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=utf-8&mssrc=ms_kwd&mstb=adawaretb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 17:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/24 11:39:29 | 000,000,000 | ---D | M]
[2009/01/26 13:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/02 14:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions
[2010/04/27 17:59:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/17 19:44:45 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2009/03/15 13:44:17 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\119ckrol.default\searchplugins\aol-search.xml
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\119CKROL.DEFAULT\EXTENSIONS\MQXABXKPOG@MQXABXKPOG.ORG.XPI
[2012/04/15 17:41:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/17 11:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/05/02 14:37:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1212714337317 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1212769596000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77B3BB3A-0FAB-42D1-AB17-77A11E5D8029}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5927AE0-655D-4A43-96BF-CDD9CFAB6835}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 16:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/01 07:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/27 15:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/26 17:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/26 17:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 17:53:54 | 016,339,280 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/24 11:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/04/24 11:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/04/21 10:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Forum help 4-21-12
[2012/04/21 10:40:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/21 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/21 10:27:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/21 10:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/20 19:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/04/20 19:30:54 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/04/20 19:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/20 19:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/20 19:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
========== Files - Modified Within 30 Days ==========
[2012/05/02 14:42:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 14:37:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/02 14:18:36 | 000,012,852 | ---- | M] () -- C:\WINDOWS\daytimer.ini
[2012/05/02 14:18:36 | 000,000,069 | ---- | M] () -- C:\WINDOWS\dtodebug.ini
[2012/05/02 13:54:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\DTO2KXSV.INI
[2012/05/02 13:54:48 | 000,000,848 | ---- | M] () -- C:\WINDOWS\DtSync.ini
[2012/05/02 13:51:07 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/02 09:31:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 14:24:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/26 18:39:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/26 17:56:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/26 17:53:54 | 016,339,280 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 12.0.exe
[2012/04/26 16:47:46 | 000,000,321 | RHS- | M] () -- C:\boot.ini
[2012/04/26 13:42:14 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/24 12:03:05 | 004,163,282 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/23 16:42:55 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/04/23 16:42:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/04/21 23:32:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/04/21 23:23:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/04/21 10:54:59 | 000,004,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:40:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/21 10:31:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/21 10:26:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[2012/04/20 19:30:10 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/15 04:09:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 15:44:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/12 06:14:19 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 06:14:19 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 06:06:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/02 23:59:34 | 007,576,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
========== Files Created - No Company Name ==========
[2012/04/26 17:56:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/26 17:56:51 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/04/24 12:02:51 | 004,163,282 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FoxitReader51_Manual.pdf
[2012/04/24 11:30:57 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/04/21 10:54:59 | 000,004,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\attach.zip
[2012/04/21 10:31:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/20 19:30:10 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sdsetup.exe.lnk
[2012/04/02 23:59:38 | 007,576,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\12 - Do What You Gotta Do.mp3
[2012/02/16 07:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/18 17:03:25 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/06/21 12:20:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 12:20:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 12:20:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 12:20:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 12:20:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/26 13:33:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/26 13:33:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/23 17:06:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
< End of report >
-
Hi Jeff,
I don't know if this means anything but it is behaving the same way, click on and it goes to Happili - hit back button click again it goes correct.
BUT the difference is the way the site (Happili) looks it is losing its flair, and the several links with descriptions underneath are gone and there is a gobbledygook warning message and that is all - Please see the attached screen shot if you want.
It seems to be losing power - but I don't know anything about this stuff.
Thank you!
Michael
-
Hi Michael,
Sorry for the delay...
We need to reset Firefox to defaults...Before we do so be sure that you have all of your passwords saved someplace. There are many many files related to Firefox and finding the culprit will be like finding a pin in a haystack so this is our best option.
Once you have all of your passwords saved someplace safe do the following...
Go to Start >> Run >> copy/paste the following text in the Code Box to the Run bar and press OK
Code:
firefox -safe-mode firefox-safe-mode
You will now be looking at a box showing FireFox Safe Mode.
Check all the boxes
Press Make Changes and Restart
Now open Firefox and let me know if you are still being redirected.
-
Hi,
Are you still with us? :)
-
Due to lack of feedback, this topic will now be closed.
If you are the original poster and you still require help, please start a new thread.
-------------------