Page 9 of 9 FirstFirst ... 56789
Results 81 to 90 of 90

Thread: Redirect Problems San Jose CA

  1. 2011-01-07, 03:08 #81
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose CA

    After I posted my last message I downloaded a fully functional trial version of Kaspersky and ran it on my machine. I needed to uninstall my Avira virus protection to do it, but then it ran fine. Here's the report:

    Disinfected (6)
    1/6/2011 2:09:48 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fl c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir High
    1/6/2011 2:09:43 PM Disinfected Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\2\72e3a02-3b65c4e5.vir High
    1/6/2011 2:09:46 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ft c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir High
    1/6/2011 2:09:43 PM Disinfected Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\48\6eeafe70-562fa418.vir High
    1/6/2011 2:09:39 PM Disinfected Trojan program Exploit.Java.Agent.dx c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir High
    1/6/2011 2:09:42 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.gi c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir High
    Deleted (13)
    1/6/2011 2:09:48 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fl c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/AdgredY.class High
    1/6/2011 2:09:43 PM Deleted Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\2\72e3a02-3b65c4e5.vir//vmain.class High
    1/6/2011 2:09:46 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ft c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/AdgredY.class High
    1/6/2011 2:09:45 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fu c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/DyesyasZ.class High
    1/6/2011 2:09:47 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fk c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/DyesyasZ.class High
    1/6/2011 2:09:43 PM Deleted Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\48\6eeafe70-562fa418.vir//vmain.class High
    1/6/2011 2:09:45 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fv c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/LoaderX.class High
    1/6/2011 2:09:47 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fj c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/LoaderX.class High
    1/6/2011 2:09:39 PM Deleted Trojan program Exploit.Java.Agent.dx c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir//JavaUpdateApplication.class High
    1/6/2011 2:09:42 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gi c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/AdgredY.class High
    1/6/2011 2:09:41 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gj c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/DyesyasZ.class High
    1/6/2011 2:09:38 PM Deleted Trojan program Exploit.Java.Agent.dy c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir//JavaUpdateManager.class High
    1/6/2011 2:09:40 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gk c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/LoaderX.class High

    Can I now uninstall kaspersky and reinstall Avira?

    I'll try to uninstall the new Adobe reader now and then see if I can uninstall Adobe reader 7.07. And run OTL.

    I'll post again in a bit.

    jack
  2. 2011-01-07, 03:41 #82
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose CA

    Here's the OTL text:

    OTL logfile created on: 1/6/2011 6:21:54 PM - Run 7
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3046 3046 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 8.26 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
    Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
    PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
    PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
    PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
    PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
    SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
    SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
    SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
    SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2011/01/06 06:44:26 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
    DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
    DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
    DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
    DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
    DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
    DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
    DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
    DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
    DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
    DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
    DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
    DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
    DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
    DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
    DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
    DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
    DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
    DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
    DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
    DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 13:34:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/06 18:11:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/06 18:11:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt_2_x [2011/01/06 06:47:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt_3_1_x [2011/01/06 06:47:40 | 000,000,000 | ---D | M]

    [2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
    [2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/05 22:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
    [2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
    [2011/01/06 18:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/05 22:41:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/01/06 06:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    [2011/01/06 06:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

    O1 HOSTS File: ([2010/12/06 17:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe File not found
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmg...C_1_0_0_41.cab (FilePlanet Download Control Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeup...tent/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...scbase9602.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1124349026031 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab (HouseCall Control)
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex...l_v1-0-3-0.cab (EPSImageControl Class)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/...l/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/06 06:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2011/01/06 06:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    [2011/01/06 06:44:26 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2011/01/06 01:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2011/01/06 01:24:49 | 115,652,856 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Joycellen Floyd\Desktop\kis2011_11.0.2.556-1781EN-US.exe
    [2011/01/05 22:41:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/01/05 22:41:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/01/05 22:41:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/01/05 22:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/01/05 22:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/01/05 22:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2011/01/05 22:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/12/21 13:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\Application Data\enchant
    [2010/12/21 13:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\AbiSuite
    [2010/12/21 13:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\AbiWord
    [2010/12/21 13:17:53 | 008,335,349 | ---- | C] (AbiSource Developers) -- C:\Documents and Settings\Joycellen Floyd\Desktop\abiword-setup-2.8.6.exe
    [2010/12/15 15:21:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2010/12/15 15:20:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2010/12/14 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
    [2010/12/10 20:33:33 | 000,000,000 | ---D | C] -- C:\_OTL
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/06 18:18:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/06 18:18:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
    [2011/01/06 18:18:14 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
    [2011/01/06 18:16:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/01/06 18:16:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/06 18:15:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/06 18:15:58 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/06 17:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/06 09:16:42 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/01/06 09:16:41 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2011/01/06 07:09:46 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/01/06 07:09:18 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/01/06 06:44:26 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
    [2011/01/06 01:31:00 | 115,652,856 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Joycellen Floyd\Desktop\kis2011_11.0.2.556-1781EN-US.exe
    [2011/01/05 22:20:09 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/01/05 22:20:09 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/01/03 21:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/28 10:42:36 | 000,010,599 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Extreme Makeover for SJ Art Shift.abw
    [2010/12/21 16:17:35 | 000,026,719 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\IMG.jpeg
    [2010/12/21 13:18:31 | 008,335,349 | ---- | M] (AbiSource Developers) -- C:\Documents and Settings\Joycellen Floyd\Desktop\abiword-setup-2.8.6.exe
    [2010/12/20 17:27:41 | 000,065,560 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\NETGEAR_WNR3500.cfg
    [2010/12/16 14:01:51 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/15 22:31:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/14 22:38:39 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/12/10 20:46:24 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RootRepeal.zip
    [2010/12/09 12:19:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\99hjeu7t.exe
    [1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/06 06:48:56 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
    [2011/01/06 06:48:56 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
    [2011/01/05 22:20:09 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2011/01/05 22:20:09 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/12/28 10:42:36 | 000,010,599 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Extreme Makeover for SJ Art Shift.abw
    [2010/12/21 16:17:33 | 000,026,719 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\IMG.jpeg
    [2010/12/20 17:27:41 | 000,065,560 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\NETGEAR_WNR3500.cfg
    [2010/12/11 14:04:02 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/10 20:46:22 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RootRepeal.zip
    [2010/12/09 12:19:21 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\99hjeu7t.exe
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
    [2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
    [2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
    [2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
    [2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
    [2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
    [2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
    [2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
    [2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
    [2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
    [2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
    [2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
    [2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
    [2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
    [2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
    [2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
    [2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
    [2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
    [2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
    [2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
    [2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
    [2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
    [2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
    [2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
    [2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

    ========== LOP Check ==========

    [2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
    [2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
    [2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
    [2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
    [2010/12/21 13:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\enchant
    [2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
    [2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
    [2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
    [2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
    [2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
    [2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
    [2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
    [2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
    [2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
    [2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

    ========== Purity Check ==========



    < End of report >


    Do you still want to run ESET?

    jack
  3. 2011-01-07, 08:35 #83
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    How did the update of Adobe Reader go?

    Can I now uninstall kaspersky and reinstall Avira?
    Yes.

    Do you still want to run ESET?
    No longer needed. The previous Kaspersky scan is enough.

    Are you still experiencing problems?

    --------------------

    Please run ERUNT to backup the registry. This is important before you continue.

    Fix with OTL
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
    • If you need help to disable your protection programs see here and here.
    • Double click on OTL.exe to run it.
    • Copy and paste ALL the following text into the white box below Custom Scans/Fixes:
      Code:
      :otl
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

:commands
[CREATERESTOREPOINT]
[emptytemp]
    • Click Run Fix.
    • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
    • If requested to reboot, please do so. The log file will open after restart.
    • Enable back your security softwares as soon as you completed the OTL fix steps.


    --------------------

    Please post back:
    1. progress of Adobe Reader
    2. any more problems?
    3. the OTL fix log
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  4. 2011-01-08, 08:42 #84
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose CA

    Hi J/J.

    No luck with Adobe Reader. I uninstalled the new version and tried to delete verions 7.07 in the add/remove programs window and it gave me an error message saying something to the effect that the patch did not exist.

    No other redirects since we flushed the router.

    Here's the OTL log:

    All processes killed
    ========== OTL ==========
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point (0)

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: BB443B11-7D12-450c-9F85-2D32804655F9

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Joycellen Floyd
    ->Temp folder emptied: 285353631 bytes
    ->Temporary Internet Files folder emptied: 2694142 bytes
    ->Java cache emptied: 161696 bytes
    ->FireFox cache emptied: 96151127 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 17478 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3164247 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 15557 bytes

    Total Files Cleaned = 370.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 01072011_225618

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\kls7F13.tmp moved successfully.

    Registry entries deleted on Reboot...


    cheers,

    jack
  5. 2011-01-08, 14:09 #85
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    Try Revo Uninstalller to remove all the Adobe Reader versions, then start over by installing the new one.

    You can delete these files if they are still there:
    C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
    C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe

    --------------------

    I guess we are done here.

    Congratulations, you are All Clear to go. Glad to hear everything is good and running . If you have any more problems, please let me know.

    Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
    • Go to Start > Run.... Copy and paste the following text into the white box:
      ComboFix /uninstall
      Click OK.
    • Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
    • Delete the GMER (99hjeu7t.exe), CKScanner, Rookit Unhooker and RootRepeal files on your desktop.
    • Delete any logs on the desktop.


    Some tips to help you stay clean and safe:

    1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

    2. Update your Antivirus program regularly, it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials, Avast and Avira are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

    3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

    4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

    5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

    6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

    7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

    8. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

    9. Install a third party firewall if you do not have one for additional defense against internet dangers. Built-in Windows firewall can only keep nasties from breaking in, but unable to protect against any malwares from sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

    10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

    11. Also look up:
    Computer Security - a short guide to staying safer online
    PC Safety and Security - What Do I Need? By Glaswegian
    How to prevent malware: By miekiemoes
    So how did I get infected in the first place? By Tony Klein
    Microsoft Online Safety

    Stay safe.
    Last edited by Jack&Jill; 2011-01-08 at 14:10.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  6. 2011-01-11, 08:14 #86
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose CA

    No luck with Rebo Uninstaller. I looked in the program files where the other Adobe products are and 7.07 is not there, so perhaps the icon in the install/uninstall window is just an orphan icon. I'll mess with it some more.

    I'll delete the files and remove the utilities as you suggested.

    You were immensely helpful and gave me a great deal of you time. Thank you! Is donating to Spybot at the donate button the best place to show my appreciation?

    And may I ask, where on earth are you?

    Best,

    jack
  7. 2011-01-11, 16:01 #87
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    You are most welcome.

    No luck with Revo Uninstaller. I looked in the program files where the other Adobe products are and 7.07 is not there, so perhaps the icon in the install/uninstall window is just an orphan icon. I'll mess with it some more.
    Most likely orphaned as you said. Please follow the below instructions. This has to be done with the new version uninstalled.

    Please download the latest HijackThis© from Trend Micro. Click here.
    It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
    • Save HJTInstall.exe to your desktop.
    • Double click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click Install and read through the End User License Agreement.
    • Accept it to continue and HijackThis will launch once complete installation.


    Delete orphaned Adobe Reader
    • Go to Open the Misc Tools section by clicking on the box.
    • Under the Systems tools, look for Open Uninstall Manager and click on it.
    • You will see a list of programs on the left pane. Select Adobe Reader 7.0.7.
    • Click Delete this entry. Confirm if prompted and exit the program.


    You can then uninstall HijackThis via Add/Remove Programs at the Control Panel.

    --------------------

    Is donating to Spybot at the donate button the best place to show my appreciation?
    Saying thank you like you did already warms the heart. Donation is not compulsory, but if you do donate, we would be grateful.

    And may I ask, where on earth are you?
    Can't you see it below my avatar on the left side of the page?
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  8. 2011-01-14, 03:34 #88
    Jack Fischer
    Jack Fischer is offline
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose CA

    All the cleanup and installations done.

    A last matter. The machine seems a bit sluggish. I can defrag it, but did we do anything that might account for that? I recall early on we uninstalled some Intel app.

    Where in South East Asia?

    Cheers,

    jack
  9. 2011-01-14, 06:08 #89
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    Here are some pointers to help on computer running slow. Our cleaning steps should not have an impact on the computer's speed.

    Where in South East Asia?
    I would prefer to keep it as it is.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  10. 2011-01-15, 02:17 #90
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    As your problems appear to have been resolved, this topic is now closed.

    We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
    Your donation helps in improving Spybot-S&D!
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules