Jump to content

Barb711

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Interests
    Love Christ, and love animals :)
  1. Barb711
    I'm sorry I didn't reply sooner! Everything seems to be running fine now. I truly appreciate your help! You have been so patient and kind and explained things very well. Thank you again for helping me Big Hugs, Barb
  2. Barb711
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:18:22 PM, on 7/28/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\WINDOWS\Logi_MwX.Exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games
  3. Barb711
    It's not on the internet that is slow. It is when I push the button on my computer to turn it on, and as it is loading windows and all that (loading up the desktop stuff, zone alarm, avast antivirus, etc.). If I'm lucky I can get it loaded in 15 minutes; but it is usually 20-30 minutes to load before I can even open programs or folders. I wonder if I have too many programs loading when the computer first starts up. Programs that don't need to be loaded until the are used.
  4. Barb711
    I downloaded and ran the program and here are the results: Test Option: EXTENDED TEST Model Number: WDC WD1200BB-00GUA0 Unit Serial Number: WD-WMALK1169865 Firmware Number: 08.02D08 Capacity: 120.03 GB SMART Status: PASS Test Result: PASS Test Time: 15:58:39, July 23, 2010
  5. Barb711
    Here is what I seen written beneath disk drives: WDC WD1200BB-00GUA0 Generic USB CF Reader USB Device Generic USB MS Reader USB Device Generic USB SD Reader USB Device Generic USB SM Reader USB Device HL-DT-ST DVD-RAM GSA-H55L DVD/CD-ROM drives
  6. Barb711
    Below are the results of the last scan you asked for. Thought I'd let you know that I haven't had any more re-directions while on internet. Not since you had me run OTL with the first code you gave to me. My computer seems to be running pretty good now, except for when it first starts up....which you already explained it could be a failing hard drive. But anyways, below is the scan I ran: OTL logfile created on: 7/22/2010 3:49:22 PM - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\My Documents Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 447.00 Mb Total Physical Memory | 226.00 Mb Available Physical Memory | 51.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 108.07 Gb Total Space | 39.19 Gb Free Space | 36.26% Space Free | Partition Type: NTFS Drive D: | 3.71 Gb Total Space | 1.67 Gb Free Space | 45.12% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BAGLEY Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\My Documents\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\RegCure\RegCure.exe () PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.) PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) PRC - C:\Program Files\SpywareGuard\sgmain.exe () PRC - C:\Program Files\SpywareGuard\sgbhp.exe () PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\My Documents\OTL.exe (OldTimer Tools) MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe () SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (Freedom) -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS File not found DRV - (BOCDRIVE) -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (MBAMDrvService) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.) DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (Vax347b) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( ) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (nvnforce) Service for NVIDIA® nForce -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA® nForce -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.) DRV - (SunkFilt39) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys (Alcor Micro Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( ) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (DLKRTS) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS (D-Link Corporation ) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. ) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {C3F23840-B14B-4B61-AAEF-6BCC3621FA63}:1.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01 FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.7 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:01:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 17:03:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/07/07 00:03:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:32:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 21:43:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 21:43:27 | 000,000,000 | ---D | M] [2009/05/14 17:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2009/03/17 14:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/05/14 17:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/07/22 15:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions [2010/06/27 23:25:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/18 20:20:15 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368} [2009/03/28 15:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/05/18 20:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\plugin@yontoo.com [2010/04/21 12:06:34 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\searchplugins\conduit.xml [2010/07/22 15:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/21 21:43:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/01 20:23:20 | 000,000,000 | ---D | M] (Findbasic) -- C:\Program Files\Mozilla Firefox\extensions\{C3F23840-B14B-4B61-AAEF-6BCC3621FA63} [2008/12/04 19:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/05/14 17:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/09/03 18:52:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010/07/21 21:43:14 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/07/21 21:43:14 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/07/31 15:23:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/07/21 21:43:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2008/06/02 17:02:48 | 000,200,704 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/07/17 13:00:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/07/17 13:00:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2005/08/09 13:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2009/12/17 17:36:54 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll [2010/06/26 02:01:57 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/06/26 02:01:57 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/06/26 02:01:57 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/06/26 02:01:57 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/06/26 02:01:57 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/06/26 02:01:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/06/26 02:01:57 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/07/16 15:41:53 | 000,411,429 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 14245 more lines... O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [iPInSightLAN 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe () O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games
  7. Barb711
    I re-ran OTL again and below are the results: All processes killed ========== OTL ========== Prefs.js: "PageRage Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "PageRage Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcBqoPi) - File not found removed from keyword.URL ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 162560 bytes User: All Users User: Application Data User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 2046600 bytes ->Temporary Internet Files folder emptied: 1487091 bytes ->Flash cache emptied: 1829 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 972556 bytes ->Flash cache emptied: 18922 bytes User: Owner ->Temp folder emptied: 127458556 bytes ->Temporary Internet Files folder emptied: 44785223 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 82553664 bytes ->Flash cache emptied: 1945107 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 20473 bytes %systemroot%\System32 .tmp files removed: 5614850 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13784768 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942002 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 54304 bytes RecycleBin emptied: 73921892 bytes Total Files Cleaned = 361.00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07202010_000414 Files\Folders moved on Reboot... C:\Documents and Settings\Owner\Local Settings\Temp\~DFBCE8.tmp moved successfully. File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found! C:\WINDOWS\temp\Perflib_Perfdata_f4.dat moved successfully. C:\WINDOWS\temp\ZLT03fbc.TMP moved successfully. Registry entries deleted on Reboot... I would also like to ask, why does my computer take so long to load? I have to wait 20 minutes or more before I can even open a browser. This has been going on for a while now, even before this hijacker problem. {my apologies if I wasn't suppose to ask this in this post}
  8. Barb711
    All processes killed ========== OTL ========== Prefs.js: "PageRage Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "PageRage Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q="O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\efcBqoPi) - File not found removed from keyword.URL ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 162560 bytes User: All Users User: Application Data User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 2046600 bytes ->Temporary Internet Files folder emptied: 1487091 bytes ->Flash cache emptied: 1829 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 972556 bytes ->Flash cache emptied: 18922 bytes User: Owner ->Temp folder emptied: 127458556 bytes ->Temporary Internet Files folder emptied: 44785223 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 82553664 bytes ->Flash cache emptied: 1945107 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 20473 bytes %systemroot%\System32 .tmp files removed: 5614850 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 13784768 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942002 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 54304 bytes RecycleBin emptied: 73921892 bytes Total Files Cleaned = 361.00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07202010_000414 Files\Folders moved on Reboot... C:\Documents and Settings\Owner\Local Settings\Temp\~DFBCE8.tmp moved successfully. File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found! C:\WINDOWS\temp\Perflib_Perfdata_f4.dat moved successfully. C:\WINDOWS\temp\ZLT03fbc.TMP moved successfully. Registry entries deleted on Reboot...
  9. Barb711
    Sorry, I had a bit of trouble replying. I want to thank you for helping me I did have the pagerage toolbar on my computer, but I removed it before I joined this forum. The problem was still around even after I had removed it. I downloaded both the OTL and GMER Rootkit Scanner. The OTL scan results are below; however, I couldn't get the GMER Rootkit Scanner to work. I tried 3 different times. Sorry OTL logfile created on: 7/19/2010 12:27:57 AM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\My Documents Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 447.00 Mb Total Physical Memory | 237.00 Mb Available Physical Memory | 53.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 108.07 Gb Total Space | 44.49 Gb Free Space | 41.17% Space Free | Partition Type: NTFS Drive D: | 3.71 Gb Total Space | 1.67 Gb Free Space | 45.12% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BAGLEY Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\My Documents\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.) PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) PRC - C:\Program Files\SpywareGuard\sgmain.exe () PRC - C:\Program Files\SpywareGuard\sgbhp.exe () PRC - C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\My Documents\OTL.exe (OldTimer Tools) MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.) SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe () SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.) SRV - (YPCService) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (Freedom) -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS File not found DRV - (BOCDRIVE) -- C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys File not found DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (MBAMDrvService) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.) DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated) DRV - (Vax347b) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( ) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) DRV - (nvnforce) Service for NVIDIA® nForce -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation) DRV - (nvax) Service for NVIDIA® nForce -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation) DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.) DRV - (SunkFilt39) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys (Alcor Micro Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (Vax347s) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( ) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (DLKRTS) -- C:\WINDOWS\system32\drivers\DLKRTS.SYS (D-Link Corporation ) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. ) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "PageRage Customized Web Search" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {C3F23840-B14B-4B61-AAEF-6BCC3621FA63}:1.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01 FF - prefs.js..extensions.enabledItems: {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&q=" FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localhost" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:01:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 17:03:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/07/07 00:03:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:32:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/17 13:00:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/17 13:00:04 | 000,000,000 | ---D | M] [2009/05/14 17:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2009/03/17 14:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/05/14 17:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/07/18 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions [2010/06/27 23:25:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/05/18 20:20:15 | 000,000,000 | ---D | M] (PageRage Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368} [2009/03/28 15:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/05/18 20:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\extensions\plugin@yontoo.com [2010/04/21 12:06:34 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c06vubhk.default\searchplugins\conduit.xml [2010/07/18 11:54:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/11 01:41:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/01 20:23:20 | 000,000,000 | ---D | M] (Findbasic) -- C:\Program Files\Mozilla Firefox\extensions\{C3F23840-B14B-4B61-AAEF-6BCC3621FA63} [2008/12/04 19:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/05/14 17:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/09/03 18:52:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010/06/26 03:41:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/06/26 03:41:25 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/07/31 15:23:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/06/26 03:41:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2008/06/02 17:02:48 | 000,200,704 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/07/17 13:00:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/07/17 13:00:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/07/17 13:00:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2005/08/09 13:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2009/12/17 17:36:54 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll [2010/06/26 02:01:57 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/06/26 02:01:57 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/06/26 02:01:57 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/06/26 02:01:57 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/06/26 02:01:57 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/06/26 02:01:57 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/06/26 02:01:57 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/07/16 15:41:53 | 000,411,429 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 14245 more lines... O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [iPInSightLAN 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe () O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games
  10. Barb711
    Someone in another forum advised me I would need a program called COMBOFIX to get rid of what they believe my problem to be called, "Google Redirect Virus". After downloading COMBOFIX, before running it, I found another website that warned NOT to use it. That it was for technically trained people, not for the common public, because if used incorrectly it could damage your computer. SO, I closed the program and I will not use it as I am not a professional. Still, can you offer me help on how to remove this problem?
  11. Barb711
    I have a hijacker on my computer, and I need help getting it removed. While on computer using IE or Mozilla Firefox, I get redirected to "advertisement" sites OR a supposed google site called "Pagerage." The link below is the most common of re-directions: http://search.conduit.com/ResultsExt.aspx?...yers.yontoo.com I know nothing about this site, nor have I ever visited it (willingly). It says it's powered by Google. Someone mentioned to me that she checked out SEARCH.CONDUIT (which is included in the link above) and that it is some form of hijacker. My computer has all the symptoms of an attack by search.conduit I ran AVAST virus scan (which found nothing), and then I ran MALWAREBYTES ANTI-MALWARE (which nothing showed). I have Hijackthis on my computer, but I don't know how to read the logs to know what to remove and what not to remove. Would you please take a look? Hugs, Barb Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:07:12 PM, on 7/16/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\WINDOWS\Logi_MwX.Exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\RegCure\RegCure.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [iPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.