WiredWX Christian Hobby Weather Tools
infected laptop

Re: infected laptop
All processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 11117939 bytes
->Temporary Internet Files folder emptied: 650172 bytes
->Java cache emptied: 12250019 bytes
->Flash cache emptied: 1083 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 38784 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nicki
->Temp folder emptied: 237611529 bytes
->Temporary Internet Files folder emptied: 441872465 bytes
->Java cache emptied: 185488 bytes
->Flash cache emptied: 40643 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 527922 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 132760 bytes

Total Files Cleaned = 672.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03302010_225238

Files\Folders moved on Reboot...
C:\Users\Nicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEXUG5WB\infected-labtop-t20432[1].htm moved successfully.
C:\Users\Nicki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...

Re: infected laptop
Ok. Now, try the online scan again.

Re: infected laptop
Internet Explorer can't display that page. When I clicked Diagnose Problem it said: "www.eset.com" is not set up to establish a connection on port "World Wide Web service (HTTP)" with this computer.

Re: infected laptop
Ok. This tool should be able to diagnose it.

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.

Re: infected laptop
RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6001]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : NickiD
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4E-25-D9-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ecf9:9a:302d:fa85%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 01, 2010 9:34:19 PM
Lease Expires . . . . . . . . . . : Saturday, April 03, 2010 4:41:28 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 93.188.161.105
                                    93.188.166.105
                                    1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1F-16-51-B8-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A7D898A1-E72D-4220-B743-5E7E4CB2C068}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30b3:3634:3f57:fe97(Preferred)
Link-local IPv6 Address . . . . . : fe80::30b3:3634:3f57:fe97%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful
The requested operation requires elevation.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=50ms TTL=50
Reply from 209.191.122.70: bytes=32 time=50ms TTL=50
Reply from 209.191.122.70: bytes=32 time=50ms TTL=50
Reply from 209.191.122.70: bytes=32 time=52ms TTL=50

Ping statistics for 209.191.122.70:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 52ms, Average = 50ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:
Reply from 64.202.189.170: bytes=32 time=112ms TTL=112
Reply from 64.202.189.170: bytes=32 time=109ms TTL=112
Reply from 64.202.189.170: bytes=32 time=108ms TTL=112
Reply from 64.202.189.170: bytes=32 time=110ms TTL=112

Ping statistics for 64.202.189.170:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 108ms, Maximum = 112ms, Average = 109ms

Pinging facebook.com [69.63.181.12] with 32 bytes of data:
Reply from 69.63.181.12: bytes=32 time=102ms TTL=239
Reply from 69.63.181.12: bytes=32 time=96ms TTL=239
Reply from 69.63.181.12: bytes=32 time=96ms TTL=239
Reply from 69.63.181.12: bytes=32 time=97ms TTL=239

Ping statistics for 69.63.181.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 96ms, Maximum = 102ms, Average = 97ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF

Re: infected laptop
Found it:
DNS Servers . . . . . . . . . . . : 93.188.161.105
                                    93.188.166.105

Those are called DNS hijackers. They have purposely hijacked your Internet connection to "control" which sites you go to, in the hope of keeping you away from security sites.

To get rid of it, please post a new HijackThis log, and I will select the fixes needed.
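Added example, not part of the thread: the check below does in Python what the helper did by eye on the RenewMyDNS output. It parses `ipconfig /all` text (a constructed sample that reproduces the wireless adapter above, with ipconfig's normal indentation restored) and flags every resolver that is neither on the local network nor in an allow-list of expected servers. The allow-list is an assumption taken from the Comcast addresses the helper supplies later in this thread; the parser, the `audit_dns` function and the finding fields are mine, not from any tool used on the page. Each finding records which DHCP server handed the address out, because when that server is the home router (192.168.1.1 in this log) the rogue entries come from the router's configuration rather than from the laptop itself.

```python
"""Audit the resolver settings in an `ipconfig /all` dump.

Added example for this thread, not a tool used on the page. SAMPLE_IPCONFIG
is constructed from the wireless adapter in the RenewMyDNS log; EXPECTED_DNS
is an assumption (the Comcast servers named later in the thread).
"""
import ipaddress
import re

# Assumption: resolvers that are legitimate on this particular network.
EXPECTED_DNS = {"68.87.29.164", "68.87.76.228"}

# Constructed sample, based on the log posted in the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : NickiD

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.161.105
                                       93.188.166.105
                                       1.2.3.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

# "Wireless LAN adapter Wireless Network Connection:" -> adapter header.
ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
# "   DNS Servers . . . . : 93.188.161.105" -> (name, value). The dot leader
# is required so a continuation line such as "fe80::1%11" is not taken for
# a new field.
FIELD_RE = re.compile(r"^\s*([A-Za-z][^:]*?)\s*\.[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field name: [value, ...]}}."""
    adapters, fields, last = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            fields = adapters.setdefault(m.group(1).strip(), {})
            last = None
            continue
        m = FIELD_RE.match(line)
        if m and fields is not None:
            last = m.group(1).strip()
            value = m.group(2).strip()
            fields[last] = [value] if value else []
        elif fields is not None and last is not None:
            # Unlabelled line: continuation of the previous field
            # (second and third DNS server, extra IPv6 addresses).
            fields[last].append(line.strip())
    return adapters


def _private(addr):
    """True for RFC 1918 / link-local style addresses; False for junk."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def audit_dns(adapters, expected=EXPECTED_DNS):
    """Flag resolvers that are neither expected nor on the local network."""
    findings = []
    for name, f in adapters.items():
        if f.get("Media State") == ["Media disconnected"]:
            continue
        gateway = (f.get("Default Gateway") or [""])[0]
        dhcp_server = (f.get("DHCP Server") or [""])[0]
        for raw in f.get("DNS Servers", []):
            server = raw.split("(")[0].split("%")[0]   # drop "(Preferred)", "%scope"
            try:
                ipaddress.ip_address(server)
            except ValueError:
                continue                               # not an address at all
            if server in expected or _private(server) or server == gateway:
                continue
            findings.append({
                "adapter": name,
                "server": server,
                "via_dhcp": f.get("DHCP Enabled") == ["Yes"],
                "dhcp_server": dhcp_server,
                # Public, non-ISP resolvers pushed by a DHCP server on the LAN
                # (the home router) point at the router's configuration.
                "dhcp_server_is_local": _private(dhcp_server),
            })
    return findings


if __name__ == "__main__":
    for hit in audit_dns(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(hit)
```

Run it as a script to print the findings for the sample, or call `audit_dns(parse_ipconfig(open("ipconfig.txt").read()))` on a dump saved with `ipconfig /all > ipconfig.txt`. A finding with `dhcp_server_is_local` set is what this thread shows: every machine behind that router receives the same resolvers at each lease renewal, so the check should be repeated after any fix that only touched the client.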

Re: infected laptop
This laptop is wirelessly connected to a router on the home computer. That has the same problem; will that have to be fixed also?

Re: infected laptop
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:43 PM, on 4/2/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Users\Nicki\Desktop\hijackthis.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6182 bytes

Re: infected laptop
Well, they did not show up. No wonder. Goofy

Please download RegQuery by Noviciate from here and save it to your Desktop.

  • Double click RegQuery.exe to run it.
  • Please copy the following registry keypath:

    Code:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces

  • Paste the text in the open field where it says "Enter Key Name:".
  • Now, Click the Query button.
  • A log shall open in Notepad. Please copy and paste the contents of it in your next reply.


Note: The file from RegQuery is not saved on the computer, so please save it or post it in a new reply before closing it.

Re: infected laptop
When I copy and paste it into it, it says "Check key name".

Re: infected laptop
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces /s
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: infected laptop
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 02:31 on 03/04/2010 by Nicki (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F9C103F-B6B3-4C5C-BC30-9C311B24E06E}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="192.168.1.1"
"DhcpDomain"="hsd1.nj.comcast.net."
"DhcpInterfaceOptions"=0f 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 1d 09 b8 4b 68 73 64 31 2e 6e 6a 2e 63 6f 6d 63 61 73 74 2e 6e 65 74 2e 0c 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 1d 09 b8 4b 4e 69 63 6b 69 44 00 00 06 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 1d 09 b8 4b 5d bc a1 69 5d bc a6 69 01 02 03 04 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b ff ff ff 00 3b 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 27 50 3a 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 00 a8 c0 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 51 80 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 1d 09 b8 4b 05 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d d9 b6 4b (REG_BINARY)
"DhcpIPAddress"="192.168.1.104"
"DhcpNameServer"="93.188.161.105 93.188.166.105 1.2.3.4"
"DhcpServer"="192.168.1.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpSubnetMaskOpt"="255.255.255.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000015180 (86400)
"LeaseObtainedTime"= 0x004bb6b79d (1270265757)
"LeaseTerminatesTime"= 0x004bb8091d (1270352157)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004bb7605d (1270308957)
"T2"= 0x004bb7deed (1270341357)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A7D898A1-E72D-4220-B743-5E7E4CB2C068}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpIPAddress"="0.0.0.0"
"DhcpServer"="255.255.255.255"
"DhcpSubnetMask"="255.0.0.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0000000000 (0)
"LeaseObtainedTime"= 0000000000 (0)
"LeaseTerminatesTime"= 0000000000 (0)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0000000000 (0)
"T2"= 0000000000 (0)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}]
(No values found)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F9C103F-B6B3-4C5C-BC30-9C311B24E06E}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="192.168.1.1"
"DhcpDomain"="hsd1.nj.comcast.net."
"DhcpInterfaceOptions"=0f 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 1d 09 b8 4b 68 73 64 31 2e 6e 6a 2e 63 6f 6d 63 61 73 74 2e 6e 65 74 2e 0c 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 1d 09 b8 4b 4e 69 63 6b 69 44 00 00 06 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 1d 09 b8 4b 5d bc a1 69 5d bc a6 69 01 02 03 04 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b ff ff ff 00 3b 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 27 50 3a 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 00 a8 c0 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 51 80 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 1d 09 b8 4b 05 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d d9 b6 4b (REG_BINARY)
"DhcpIPAddress"="192.168.1.104"
"DhcpNameServer"="93.188.161.105 93.188.166.105 1.2.3.4"
"DhcpServer"="192.168.1.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpSubnetMaskOpt"="255.255.255.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000015180 (86400)
"LeaseObtainedTime"= 0x004bb6b79d (1270265757)
"LeaseTerminatesTime"= 0x004bb8091d (1270352157)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004bb7605d (1270308957)
"T2"= 0x004bb7deed (1270341357)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A7D898A1-E72D-4220-B743-5E7E4CB2C068}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpIPAddress"="0.0.0.0"
"DhcpServer"="255.255.255.255"
"DhcpSubnetMask"="255.0.0.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0000000000 (0)
"LeaseObtainedTime"= 0000000000 (0)
"LeaseTerminatesTime"= 0000000000 (0)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0000000000 (0)
"T2"= 0000000000 (0)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}]
(No values found)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces]
(Unable to open key - key not found)

-=End Of File=-
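Added example, not part of the thread: the `DhcpInterfaceOptions` value in the log above is a dump of every DHCP option the laptop accepted with its last lease, and decoding it shows exactly where the 93.188.x.x resolvers came from. The hex is copied from the log; the decoder is mine. The record layout it assumes (per option: a 32-bit option code, two 32-bit fields that are zero throughout this dump, a 32-bit data length, a 32-bit expiry timestamp, then the option bytes padded to a 4-byte boundary) is inferred from this one dump rather than taken from Microsoft documentation; it is at least consistent with the dump, since it reproduces the domain name, the hostname NickiD, the lease timers and the LeaseTerminatesTime value shown above.

```python
"""Decode the DhcpInterfaceOptions REG_BINARY value from the SystemLook log.

Added example for this thread, not a tool from the page. The hex string is
copied from the log above. The record layout is an ASSUMPTION inferred from
this dump; it is not an officially documented Microsoft structure.
"""
import ipaddress
import struct
from datetime import datetime, timezone

# Copied from the SystemLook output above (interface {8F9C103F-...}).
DHCP_INTERFACE_OPTIONS_HEX = (
    "0f 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 1d 09 b8 4b "
    "68 73 64 31 2e 6e 6a 2e 63 6f 6d 63 61 73 74 2e 6e 65 74 2e "
    "0c 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 1d 09 b8 4b "
    "4e 69 63 6b 69 44 00 00 "
    "06 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 1d 09 b8 4b "
    "5d bc a1 69 5d bc a6 69 01 02 03 04 "
    "03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 "
    "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b ff ff ff 00 "
    "3b 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 27 50 "
    "3a 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 00 a8 c0 "
    "33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b 00 01 51 80 "
    "36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 1d 09 b8 4b c0 a8 01 01 "
    "35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 1d 09 b8 4b 05 00 00 00 "
    "fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d d9 b6 4b"
)
BLOB = bytes.fromhex(DHCP_INTERFACE_OPTIONS_HEX)

# Option codes from RFC 2132; 252 is the Microsoft WPAD option.
OPTION_NAMES = {
    1: "Subnet Mask", 3: "Router", 6: "Domain Name Server", 12: "Host Name",
    15: "Domain Name", 51: "IP Address Lease Time", 53: "DHCP Message Type",
    54: "Server Identifier", 58: "Renewal (T1) Time", 59: "Rebinding (T2) Time",
    252: "Proxy Autodiscovery (WPAD)",
}


def _render(opt, data):
    """Turn an option's raw bytes into something readable."""
    if opt in (1, 3, 6, 54):                    # one or more IPv4 addresses
        return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]
    if opt in (12, 15):                         # ASCII strings
        return data.decode("ascii", "replace")
    if opt in (51, 58, 59):                     # seconds, network byte order
        return struct.unpack("!I", data)[0]
    if opt == 53:                               # message type (5 = DHCPACK)
        return data[0]
    return data.hex()


def decode_dhcp_interface_options(blob):
    """Split the blob into per-option records.

    Assumed layout (little-endian DWORDs): option code, unknown, data length,
    unknown, expiry (Unix time), then `length` data bytes padded to a
    multiple of 4. Both unknown fields are zero throughout this dump.
    """
    entries, off = [], 0
    while off + 20 <= len(blob):
        opt, _unk1, length, _unk2, expires = struct.unpack_from("<5I", blob, off)
        off += 20
        data = blob[off:off + length]
        off += (length + 3) & ~3                # skip data plus DWORD padding
        entries.append({
            "option": opt,
            "name": OPTION_NAMES.get(opt, "option %d" % opt),
            "length": length,
            "expires": expires,
            "expires_utc": datetime.fromtimestamp(expires, timezone.utc).isoformat(),
            "value": _render(opt, data),
        })
    return entries


def dns_origin(entries, name_server_value=""):
    """Say where the active resolvers came from, given the static NameServer
    registry value ("" in the log above, i.e. no static override)."""
    by_opt = {e["option"]: e["value"] for e in entries}
    servers = by_opt.get(6, [])
    server_id = by_opt.get(54, ["?"])[0]
    if name_server_value.strip():
        return "static NameServer=%r overrides DHCP" % name_server_value
    return "DNS %s assigned by DHCP server %s" % (" ".join(servers), server_id)


if __name__ == "__main__":
    decoded = decode_dhcp_interface_options(BLOB)
    for e in decoded:
        print("%3d %-28s expires %s  %s" % (e["option"], e["name"], e["expires_utc"], e["value"]))
    print(dns_origin(decoded))
```

Option 6 decodes to 93.188.161.105, 93.188.166.105 and 1.2.3.4, delivered by the server identifier (option 54) 192.168.1.1, that is, the router, and with NameServer empty nothing static overrides them. That is why both the Vista laptop and the XP desktop behind the same router show the problem, and why rewriting DhcpNameServer in the registry cannot hold: the value is refreshed from the router at every renewal (T1 here is 43200 seconds, the lease 86400). The durable fix is on the router, whose DHCP/DNS settings are what is handing these addresses out.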

Re: infected laptop
Ok. That is going to be a little hard to reset, so let's have that done like this.

Please go to this page: http://support.microsoft.com/kb/299357

See the section "Fix it for me" and click on the Microsoft Fix it button. That will download a tool to fix the Internet Connection on the problem computer.

Let me know if this has helped.

Re: infected laptop
When I click it, it goes to "Internet Explorer cannot display the page".

Re: infected laptop
You will probably have to download it from a clean computer and transfer it to the infected computer.

The hijacker will not allow you to access Microsoft.com. But in order to fix this, this tool will have to be run.

Let me know if you can do this or not.

Re: infected laptop
It will take me several days, since it seems this thing got both my computers. Can I do it the manual way it says?

Re: infected laptop
OK

Re: infected laptop
Let me do that.

Re: infected laptop
I did that with netsh int ip reset c:\resetlog.txt. It said it was successful and to reboot, which I did. I still can't update Malwarebytes or go to antivirus sites.

Re: infected laptop
Please download Dial-A-Fix from here.

Save it to your Desktop.

Open Dial-a-fix.exe

Click the green checkmark at the bottom of the window; this should select all options.

Now, click GO.

Allow it to run (the status will be displayed at the bottom), and follow any prompts you receive.

Re: infected laptop
Dial-a-fix is not ready for Vista.

Re: infected laptop
You have Vista, but your profile says XP.

=-=

What is your Internet Service Provider?

Re: infected laptop
The laptop is Vista, the home computer is XP. Comcast is my Internet.

Re: infected laptop
Could the home computer be causing this? That is where the Internet goes to; then a router sends it wirelessly to my laptop.

Re: infected laptop
Run a HijackThis on that one, and post the log.

Re: infected laptop
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:32 AM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Janet Duross\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268508927609
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6913 bytes

Re: infected laptop
Sorry for the delay. Just trying to figure out what DNS Servers you could have.

Please open Notepad and enter in the following:
    Code:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F9C103F-B6B3-4C5C-BC30-9C311B24E06E}]
    "DhcpNameServer"="68.87.29.164 68.87.76.228"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F9C103F-B6B3-4C5C-BC30-9C311B24E06E}]
    "DhcpNameServer"="68.87.29.164 68.87.76.228"

Then, click File > Save as...
Save as dns.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on dns.reg, and it will ask to Confirm. Please confirm, then reboot your computer.

Lastly, let me know if you still have any website blocks on those sites.
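The diagnosis behind this post is that the DHCP-assigned resolvers recorded in the registry (the O17 `DhcpNameServer` line in the OTL log) do not match the ones the ISP should be handing out, which is why dns.reg overwrites them. The following is an added example, not OTL's or the helper's own code, that runs that comparison over log lines: it parses OTL O17 lines and `.reg` value lines, splits the resolver list, and flags any address that is neither a private/loopback address nor on an allow-list. The allow-list here is an assumption constructed from the two addresses written into dns.reg above; the sample O17 line is copied from the OTL log later in this thread.

```python
"""Flag DHCP-assigned DNS resolvers that are not the ones the ISP is expected to issue.

Added example for this thread, not code from OTL or the forum helper. The O17 line and the
dns.reg contents are copied from the posts in this thread; EXPECTED_RESOLVERS is an assumption
built from the addresses the helper wrote into dns.reg, not a general-purpose list.
"""
import ipaddress
import re

# Resolvers this machine's DHCP lease is expected to carry (assumption: taken from dns.reg above).
EXPECTED_RESOLVERS = {"68.87.29.164", "68.87.76.228"}

# OTL report line: "O17 - HKLM\...\Parameters: DhcpNameServer = a.b.c.d e.f.g.h"
O17_RE = re.compile(r"^O17 - (?P<key>\S+): (?P<name>\w*NameServer) = (?P<value>.*)$")
# .reg value line: "DhcpNameServer"="a.b.c.d e.f.g.h"
REG_RE = re.compile(r'^"(?P<name>\w*NameServer)"="(?P<value>[^"]*)"$')

# Constructed sample input: the O17 line from the OTL quick-scan log in this thread.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 93.188.161.105 93.188.166.105 1.2.3.4
"""

# Constructed sample input: the dns.reg file the helper asked for, as posted above.
SAMPLE_REG = """\
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{8F9C103F-B6B3-4C5C-BC30-9C311B24E06E}]
"DhcpNameServer"="68.87.29.164 68.87.76.228"
"""


def split_resolvers(value):
    """DhcpNameServer/NameServer hold a space- (sometimes comma-) separated list of addresses."""
    return [tok for tok in re.split(r"[\s,]+", value.strip()) if tok]


def classify(addr):
    """Return a one-word verdict for a single resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if addr in EXPECTED_RESOLVERS:
        return "expected"
    if ip.is_private or ip.is_loopback:
        return "local"        # home router or local forwarder; usually benign
    return "unexpected"       # public resolver the ISP did not issue: investigate


def audit(lines):
    """Scan OTL log lines and .reg lines; return (source, address, verdict) for every
    resolver that is not on the expected list. An empty list means nothing to chase."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O17_RE.match(line) or REG_RE.match(line)
        if not m:
            continue
        source = m.groupdict().get("key", "dns.reg")
        for addr in split_resolvers(m.group("value")):
            verdict = classify(addr)
            if verdict != "expected":
                findings.append((source, addr, verdict))
    return findings


if __name__ == "__main__":
    hits = audit(SAMPLE_OTL.splitlines() + SAMPLE_REG.splitlines())
    for source, addr, verdict in hits:
        print(f"{verdict:10s} {addr:16s} from {source}")
```

Run against the two samples, the three addresses on the O17 line are reported as unexpected public resolvers while the dns.reg values pass, which is the mismatch the helper is correcting. Comparing OTL's O17 line with the value you just merged is also the quickest way to confirm the merge took effect: run a fresh OTL scan and the O17 line should now list only the expected addresses.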

Re: infected labtop
Websites are still blocked. The computer has Windows Security Essentials and it won't update.

Re: infected labtop
Open OTL, and click on Quick Scan.

Post a log, please.

Re: infected labtop
OTL logfile created on: 4/7/2010 2:40:37 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Janet Duross\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 393.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.40 Gb Total Space | 57.14 Gb Free Space | 82.33% Space Free | Partition Type: NTFS
Drive D: | 69.89 Gb Total Space | 69.77 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMMOM
Current User Name: Janet Duross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/07 02:40:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet Duross\Desktop\OTL.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/12 12:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/01/08 08:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008/04/14 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 02:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 07:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 17:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/12/11 00:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/07 02:40:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet Duross\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/09 12:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/07 02:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 07:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 17:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2007/12/11 00:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/03/10 00:30:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268508927609 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.161.105 93.188.166.105 1.2.3.4
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/28 20:52:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/07 02:40:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janet Duross\Desktop\OTL.exe
[2010/04/06 12:20:59 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/04/06 12:20:58 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/04/06 12:20:52 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/04/06 12:20:32 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/04/06 12:20:31 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/04/06 12:20:30 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/04/06 12:20:30 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/04/06 12:20:29 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/04/06 12:20:29 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/04/06 12:20:27 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/04/06 12:20:25 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/04/06 12:20:22 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/04/06 12:20:22 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/04/06 12:20:19 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/04/06 12:20:18 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/04/06 12:20:18 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/04/06 12:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/06 12:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Duross\Desktop\RenewMyDNS
[2010/04/06 12:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/04/04 00:31:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Janet Duross\Desktop\winlogon.scr
[2010/03/31 02:02:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Janet Duross\IECompatCache
[2010/03/31 02:02:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Janet Duross\PrivacIE
[2010/03/31 01:58:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Janet Duross\IETldCache
[2010/03/31 00:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\autorun
[2010/03/28 15:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/03/15 19:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/21 03:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/21 03:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/21 03:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/21 03:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/07 02:40:34 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet Duross\Desktop\OTL.exe
[2010/04/06 12:16:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/06 12:16:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/06 12:12:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/06 12:11:40 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/06 12:11:40 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/06 12:11:40 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/06 12:10:12 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Janet Duross\Desktop\RenewMyDNS.zip
[2010/04/06 12:07:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 12:07:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 12:07:16 | 937,938,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 12:06:47 | 002,359,296 | ---- | M] () -- C:\Documents and Settings\Janet Duross\ntuser.dat
[2010/04/06 12:05:26 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Janet Duross\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 11:57:54 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Janet Duross\Desktop\dns.reg
[2010/04/04 00:31:25 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Janet Duross\Desktop\winlogon.scr
[2010/03/31 00:08:04 | 000,230,626 | ---- | M] () -- C:\WINDOWS\System32\Autorun.ini
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 12:21:12 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/04/06 12:10:09 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Janet Duross\Desktop\RenewMyDNS.zip
[2010/04/06 12:05:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Janet Duross\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 11:57:54 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Janet Duross\Desktop\dns.reg
[2010/04/03 15:38:42 | 937,938,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/31 00:08:03 | 000,230,626 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2009/12/01 07:04:08 | 002,359,296 | ---- | C] () -- C:\Documents and Settings\Janet Duross\ntuser.dat
[2009/08/21 05:02:54 | 000,045,056 | -H-- | C] () -- C:\Documents and Settings\Janet Duross\ntuser.dat.LOG
[2009/08/21 05:02:54 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Janet Duross\ntuser.ini
[2009/08/21 05:01:48 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/08/21 05:01:48 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/08/21 03:55:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\1440X900.INI
[2008/10/29 11:55:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/28 21:10:54 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/28 21:10:36 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/28 21:05:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIOFM4.dll
[2008/10/28 21:05:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN5.dll
[2008/10/28 21:04:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/10/28 21:04:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/08/25 04:17:58 | 000,023,634 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/14 18:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 18:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 18:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 18:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 18:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/14 18:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/25 01:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/25 01:29:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/25 01:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/25 01:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/25 01:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/28 03:45:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2001/12/26 20:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 03:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 20:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 02:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/03/28 15:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/11/03 15:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/12/18 03:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2010/04/06 15:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/21 05:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/03/11 01:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/13 15:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Duross\Application Data\PCToolsFirewallPlus
[2010/04/06 12:12:40 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >

Re: infected labtop
OTL Extras logfile created on: 4/7/2010 2:40:37 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Janet Duross\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 393.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.40 Gb Total Space | 57.14 Gb Free Space | 82.33% Space Free | Partition Type: NTFS
Drive D: | 69.89 Gb Total Space | 69.77 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOMMOM
Current User Name: Janet Duross
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"5394:TCP" = 5394:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"9083:TCP" = 9083:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"5318:TCP" = 5318:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Disabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"5394:TCP" = 5394:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"9083:TCP" = 9083:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"5318:TCP" = 5318:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe -- (NewTech Infosystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe -- (NewTech InfoSystems, Inc.)
"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" = C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe -- ()
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"WildTangent emachines Master Uninstall" = eMachines Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 9:12:17 AM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/5/2010 7:15:03 PM | Computer Name = MOMMOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/5/2010 7:15:04 PM | Computer Name = MOMMOM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 4/6/2010 12:11:56 PM | Computer Name = MOMMOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/6/2010 12:12:03 PM | Computer Name = MOMMOM | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 4/6/2010 12:22:37 PM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/6/2010 12:22:37 PM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/6/2010 12:41:38 PM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/6/2010 3:13:49 PM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

Error - 4/7/2010 2:42:14 AM | Computer Name = MOMMOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: A connection with the server could not be established

[ System Events ]
Error - 4/6/2010 12:03:15 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:16 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:03:17 PM | Computer Name = MOMMOM | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/6/2010 12:11:55 PM | Computer Name = MOMMOM | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.308.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80072efd Error description: A connection with the server could not be established



< End of report >

Re: infected labtop

OK. Let's see if we can fix this now.

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.161.105 93.188.166.105 1.2.3.4
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Re: infected labtop

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\update\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\windowsupdate\ deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.MOMMOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 95254 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Janet Duross
->Temp folder emptied: 120340 bytes
->Temporary Internet Files folder emptied: 26933887 bytes
->Java cache emptied: 15288343 bytes
->Flash cache emptied: 34979 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 126016 bytes
->Temporary Internet Files folder emptied: 534537 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 5645647 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04072010_222720

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDB6C.tmp not found!
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDB7A.tmp not found!
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDBD6.tmp not found!
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDBE4.tmp not found!
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDC16.tmp not found!
File\Folder C:\Documents and Settings\Janet Duross\Local Settings\Temp\~DFDC24.tmp not found!
C:\Documents and Settings\Janet Duross\Local Settings\Temporary Internet Files\Content.IE5\BC6U1OT5\infected-labtop-t20432-45[1].htm moved successfully.
C:\Documents and Settings\Janet Duross\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Re: infected labtop

So, are the sites that were not loading before loading now?

Re: infected labtop

Still not loading.

Re: infected labtop

Please download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive.
  • Please post the contents of that log.

Re: infected labtop

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.2.8.1 Mar 22 2010 10:43:04

Scanning Services ...

Scanning Kernel memory ...

Completed

Results:
Memory objects infected / cured / cured on reboot: 0 / 0 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue . . .


It says hit any key to continue. I hit a key, then it goes away.

Re: infected labtop

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.

Re: infected labtop

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

Re: infected labtop

Please open Command Prompt (Start > Run, type CMD and press OK).
Enter the following into the black box, pressing Enter after each line:

Code:

mbr.exe -f

exit


Post a log (MBR.log).

Re: infected labtop

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !

Re: infected labtop

Do you have a Windows XP cd or recovery cd? We just need to access some data on the XP disc to help fix this problem, without losing any data.

Re: infected labtop

It didn't come with one, but I probably can buy one from the manufacturer for $20. If I bought it and set it back to factory settings, do you think that would fix it? If that does fix it, how would I fix my laptop by doing the same thing?

There is nothing important on this computer to save; it's the house computer, just used for the internet.

Re: infected labtop

No need for that. I have an alternate method.

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart.

At the C:\Windows> prompt, type the following command:

fixmbr


Then, reboot the computer. When you are back in Windows, please re-run the MBR detector and post a log.

Re: infected labtop

That didn't work on the home computer. But I was doing some research on the internet and read about changing my DNS to Google's public DNS, so that's what I did. With that I was able to update Malwarebytes, which I couldn't do before. It found 2 DNS trojan infections and removed them. Here's the log.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

4/13/2010 12:39:25 AM
mbam-log-2010-04-13 (00-39-25).txt

Scan type: Quick scan
Objects scanned: 110759
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8f9c103f-b6b3-4c5c-bc30-9c311b24e06e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So soon I will do this on the home computer. My question now is: do I switch back to automatically finding DNS servers, or keep the Google DNS server addresses? Another question: how do I check to make sure that this is completely gone?
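
As an added example (not from this thread or from any of the tools used in it), the check below is a read-only PowerShell audit of the two registry locations where Malwarebytes found Trojan.DNSChanger on both machines: the global Tcpip\Parameters key and the per-interface GUID keys. The allow-list contents are an assumption you edit for your own network; the rogue addresses are the ones quoted in the logs above.

```powershell
# Added example, not from the thread: audit resolver settings that
# Trojan.DNSChanger altered on both machines. Read-only; changes nothing.
# Assumptions: $Approved is a placeholder allow-list (Google Public DNS here);
# $KnownRogue holds the addresses quoted in the MBAM logs in this thread.

$Approved   = @('8.8.8.8', '8.8.4.4')
$KnownRogue = @('93.188.161.105', '93.188.166.105', '1.2.3.4')

$Base       = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueNames = 'DhcpNameServer', 'NameServer'   # DHCP-assigned and static lists

function Test-DnsServerList {
    # Returns one record per resolver address found under $KeyPath.
    param([string]$KeyPath)
    $findings = @()
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $findings }
    foreach ($name in $ValueNames) {
        $raw = $props.$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Both values are space- or comma-separated lists of IPv4 addresses
        foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            $status = if ($KnownRogue -contains $ip) { 'KNOWN-ROGUE' }
                      elseif ($Approved -contains $ip) { 'approved' }
                      else { 'UNEXPECTED' }
            $findings += [pscustomobject]@{
                Key = $KeyPath; Value = $name; Server = $ip; Status = $status
            }
        }
    }
    return $findings
}

# Global key first...
$results = @(Test-DnsServerList -KeyPath $Base)
# ...then every interface GUID, because MBAM found a second copy there
foreach ($iface in Get-ChildItem -Path "$Base\Interfaces" -ErrorAction SilentlyContinue) {
    $results += Test-DnsServerList -KeyPath $iface.PSPath
}

$results | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'approved' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) resolver entries need review"
} else {
    'All configured resolvers are on the allow-list.'
}
```

Run it in an elevated PowerShell prompt; a home router address (for example 192.168.x.x) will show as UNEXPECTED until you add it to $Approved, so that status means "look at it", not "infected".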

Re: infected labtop

Google DNS is ok. You could stick with that, as alternative DNS servers are safer than default servers.

Good job.

Try an online scan to make sure you are clean:

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: infected labtop

The Malwarebytes log from the home computer:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3983

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/13/2010 1:53:01 AM
mbam-log-2010-04-13 (01-53-01).txt

Scan type: Quick scan
Objects scanned: 115376
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{480b869d-46f3-4529-946e-c9cbc996b581}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: infected labtop

ESET log of the home computer:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c93e3b26a2fb744eb93b61feb3978c83
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-13 07:01:06
# local_time=2010-04-13 03:01:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 100 100 0 11270069 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59179
# found=0
# cleaned=0
# scan_time=3783

Re: infected labtop

How is the computer running?

Re: infected labtop

Better: no more redirecting to websites, and I can go update my antivirus. I just have one more question: what is a good program to keep on my computer to clean out all the temporary files and cookies? Something that basically cleans up crap you don't need to keep.
