
Redirects in searches from Google and Yahoo [Solved]


  • This topic is locked

#1
PoppaSteve


    New Member

  • Member
  • Pip
  • 8 posts
Hi Guys,

I am finally stymied. I get redirected to other sites when attempting to click a link from a search result from either Google or Yahoo.

This happens in both IE 6 and Firefox 3. When I go back to the search result page, I am then able to get to the desired page, but then am unable to click back to the search results (I am taken back to either Google or Yahoo home pages).

I figured I had a virus, and so tried Smitfraudfix and scans from my own installation of AVG Free, and then tried the Kaspersky online scan. Nothing has helped so far.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:29 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [winupdate] C:\Documents and Settings\Steve\Application Data\uninstall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Steve\Application Data\uninstall.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4258 bytes


I have tried installing and running Malwarebytes, but it will not start. I downloaded the trial version of Kaspersky and deleted my AVG Free 8.5 to try and install it. Kaspersky didn't work, and now I cannot reinstall AVG Free.

The machine is still functional, but something is obviously very wrong. Any help you can give would be appreciated.

Thanks!

Edited by PoppaSteve, 21 April 2009 - 01:09 PM.

  • 0



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I have two programmes I wish you to run. Please run them in order and post the logs/zip files :)

PROGRAMME ONE

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Investigation" check box.
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both zip files to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

PROGRAMME TWO

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
PoppaSteve


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks so much for your quick assistance!

I have run both programs, and here are the results:

OTListIt logfile created on: 4/21/2009 10:52:29 PM - Run 9
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 122.21 Gb Free Space | 52.49% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 115.52 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERASMUSMKVII
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== LOP Check ==========

[6 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/21 13:28:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/11 00:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/12 16:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/12 16:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/02 15:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/04/21 13:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/18 16:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/16 12:26:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/10 13:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2008/11/06 10:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/09/16 12:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/21 11:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/11 00:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/11/09 14:38:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/16 12:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/20 10:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/03/18 11:29:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/03/18 16:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/04/17 21:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/16 22:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/01 12:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/03/05 10:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/09/17 18:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/09/20 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/10/06 21:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/19 10:16:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Steve\Application Data
[2008/09/11 00:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Adobe
[2008/09/22 19:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Amazon
[2009/01/28 23:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Apple Computer
[2008/09/17 10:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ATI
[2009/01/13 10:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2008/10/08 21:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Canon
[2008/09/25 13:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Digital Red
[2008/09/10 13:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\EA
[2008/10/28 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Google
[2008/09/10 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Identities
[2008/09/20 10:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\InstallShield
[2009/01/01 07:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Jägermeister RadioPlayer
[2009/03/11 00:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LimeWire
[2008/09/10 21:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Macromedia
[2009/04/21 13:28:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Steve\Application Data\Microsoft
[2009/01/01 12:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla
[2009/04/20 10:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\OpenOffice.org2
[2009/02/12 11:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Pingus
[2008/09/10 21:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Pogo Games
[2009/01/06 23:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Real
[2009/01/30 16:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Roxio
[2008/09/16 12:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ScanSoft
[2008/09/16 23:12:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Steve\Application Data\SecuROM
[2009/03/18 16:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/09/10 13:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sun
[2008/09/10 13:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Talkback
[2009/01/01 12:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\TomTom
[2008/09/17 18:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Ubisoft
[2009/04/20 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\uTorrent
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/21 22:47:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA975924
< End of report >


I did not get an "Extras.txt" file to generate.



  • 0

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, found it: you have a rootkit, so let's see if we can winkle it out

AVZ FIX

  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     DeleteFile('\\?\globalroot\systemroot\system32\gxvxcdwxprfvivwiqgfaywbnrerxmbsknblov.dll');
     BC_DeleteFile('\\?\globalroot\systemroot\system32\gxvxcdwxprfvivwiqgfaywbnrerxmbsknblov.dll');
     BC_DeleteFile('C:\Documents and Settings\Steve\Application Data\uninstall.exe');
     DeleteFile('C:\Documents and Settings\Steve\Application Data\uninstall.exe');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

ON COMPLETION

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Investigation" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach the zip file to your next post


THEN

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with an OTListIt log so we can continue cleaning the system.

  • 0
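
The AVZ script in post #4 deletes the file that both `winupdate` Run entries in the HijackThis log from post #1 point to. The following is an added example, not part of the original thread and not code from HijackThis or AVZ: a small triage script that reads HijackThis O4 lines and surfaces that kind of entry. The three checks (autorun launched from a profile data folder, the same autorun registered in both HKLM and HKCU, and entries marked "(file missing)") are assumed triage heuristics, and the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in post #1 (subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [winupdate] C:\Documents and Settings\Steve\Application Data\uninstall.exe
O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Steve\Application Data\uninstall.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$')

# Windows XP per-user data folders, which a normal user account can write to.
PROFILE_DATA = re.compile(
    r'^[a-z]:\\documents and settings\\[^\\]+\\(application data|local settings)\\',
    re.IGNORECASE)

EXE_END = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.IGNORECASE)


def target_path(command):
    """Return the program path from a Run command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = EXE_END.match(command)
    return m.group(1) if m else command.split(' ', 1)[0]


def parse_run_entries(log):
    """Extract registry autoruns (O4 lines with a hive) as dictionaries."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "path": target_path(cmd)})
    return entries


def triage(log):
    """Return (check, where, name, detail) tuples for entries worth a look."""
    findings = []
    hives_by_target = defaultdict(set)
    for e in parse_run_entries(log):
        hives_by_target[(e["name"].lower(), e["path"].lower())].add(e["hive"])
        if PROFILE_DATA.match(e["path"]):
            findings.append(("autorun-from-profile-data",
                             e["hive"], e["name"], e["path"]))
    for (name, path), hives in sorted(hives_by_target.items()):
        if len(hives) > 1:
            findings.append(("same-autorun-in-both-hives",
                             "+".join(sorted(hives)), name, path))
    for line in log.splitlines():
        if line.rstrip().endswith("(file missing)"):
            findings.append(("orphaned-entry",
                             line.split(" - ", 1)[0], "", line.strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A flagged line is a prompt for review, not a verdict: the "(file missing)" AVG entries here match the poster's own uninstall of AVG Free.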

#5
PoppaSteve


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you so much Mr. Essex! (I think "Mr. Boy" is a bit too informal, no? :) )

I have attached the AVZ logfile.

Here is the ComboFix log:

ComboFix 09-04-23.02 - Steve 04/22/2009 16:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1678 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\Combo-Fix.exe
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gxvxcoymetxqmowyvktltaqgosxvllrlqnkds.sys
c:\windows\system32\drivers\gxvxcppqrtmrmpxuirrntyxujrwhsrqpavkme.sys
c:\windows\system32\drivers\gxvxcswrriqoqxrxmkypdvjoewboeigbphess.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcdwxprfvivwiqgfaywbnrerxmbsknblov.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-21 18:23 . 2009-02-16 05:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-21 18:23 . 2009-04-22 21:10 350192 ----a-w c:\windows\system32\vsconfig.xml
2009-04-21 17:10 . 2009-04-21 17:10 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-21 16:11 . 2009-04-21 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-17 21:59 . 2009-04-17 21:59 -------- d-----w c:\documents and settings\Steve\Local Settings\Application Data\Criterion Games
2009-04-17 21:56 . 2009-04-17 21:56 -------- d-----w C:\ProgramData
2009-04-16 11:30 . 2009-04-18 02:01 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-15 23:44 . 2009-04-15 23:44 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-14 21:19 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 21:19 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 21:19 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 21:19 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 21:19 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 21:19 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 21:19 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 21:19 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 21:19 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 21:18 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 21:18 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 21:18 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-11 23:33 . 2009-04-11 23:33 794694 ----a-w c:\windows\easterwp.bmp
2009-04-02 02:34 . 2009-04-09 02:56 764 ----a-w c:\documents and settings\Incomplete\downloads.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 20:44 . 2009-04-22 20:45 1376256 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-04-21 18:31 . 2008-09-11 05:11 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-21 18:23 . 2008-09-11 05:06 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-20 23:39 . 2008-09-17 04:13 -------- d-----w c:\documents and settings\Steve\Application Data\uTorrent
2009-04-20 18:15 . 2009-04-20 18:15 -------- d-----w c:\program files\ERUNT
2009-04-20 15:45 . 2008-09-10 18:03 -------- d-----w c:\documents and settings\Steve\Application Data\OpenOffice.org2
2009-04-19 22:29 . 2008-09-17 03:53 -------- d-----w c:\program files\Electronic Arts
2009-04-17 21:56 . 2008-09-11 04:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 20:42 . 2008-11-29 16:59 7114914 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-16 16:25 . 2008-09-20 14:31 -------- d-----w c:\program files\Telltale Texas Hold'Em
2009-04-15 23:44 . 2008-12-30 14:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 23:44 . 2008-09-10 18:02 -------- d-----w c:\program files\Java
2009-04-15 12:41 . 2009-04-15 12:41 -------- d-----w c:\program files\Trend Micro
2009-04-15 00:24 . 2008-11-09 19:25 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-15 00:24 . 2008-11-09 19:23 -------- d-----w c:\program files\Sony
2009-03-27 03:31 . 2009-03-19 14:41 13335 ----a-w c:\documents and settings\All Users\Application Data\xml63.tmp
2009-03-27 03:31 . 2009-03-04 02:02 2311 ----a-w c:\documents and settings\All Users\Application Data\xml10.tmp
2009-03-27 03:31 . 2009-03-04 02:02 9017 ----a-w c:\documents and settings\All Users\Application Data\xmlE.tmp
2009-03-23 21:40 . 2009-03-16 22:43 -------- d-----w c:\program files\EA Games
2009-03-19 19:40 . 2009-03-19 19:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-03-19 19:40 . 2009-03-19 19:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-19 19:32 . 2009-03-19 19:32 24616 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-03-19 19:32 . 2009-03-19 19:32 13224 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-03-19 19:32 . 2009-03-19 19:32 1107296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2009-03-19 19:31 . 2009-03-18 21:06 -------- d-----w c:\program files\Sony Ericsson
2009-03-19 04:25 . 2009-03-18 16:19 -------- d-----w c:\program files\Sony Setup
2009-03-18 21:15 . 2009-03-18 16:29 -------- d-----w c:\documents and settings\Steve\Application Data\Sony
2009-03-18 21:06 . 2009-03-18 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-03-18 21:06 . 2009-03-18 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-03-18 16:29 . 2009-03-18 16:29 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-03-16 22:42 . 2009-02-10 04:01 -------- d-----w c:\program files\AGEIA Technologies
2009-03-16 22:41 . 2009-03-16 22:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 05:16 . 2008-09-18 03:12 -------- d-----w c:\program files\LimeWire
2009-03-11 05:08 . 2008-09-16 22:40 -------- d-----w c:\documents and settings\Steve\Application Data\LimeWire
2009-03-11 04:19 . 2009-03-11 04:19 19532176 ----a-w c:\documents and settings\Steve\Application Data\LimeWireWin.exe
2009-03-07 00:31 . 2008-09-16 23:00 -------- d-----w c:\program files\PopCap Games
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:54 . 2009-03-05 15:54 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-04 18:12 . 2009-03-04 18:11 -------- d-----w c:\program files\CPU-Z
2009-03-04 02:02 . 2009-03-04 02:02 0 ----a-w c:\documents and settings\All Users\Application Data\xmlF.tmp
2009-03-04 02:02 . 2009-03-04 02:02 -------- d-----w c:\program files\SiSoftware
2009-03-04 01:41 . 2008-09-12 14:48 4590 ----a-w c:\documents and settings\All Users\Application Data\xml5E.tmp
2009-03-04 01:41 . 2008-09-12 14:48 17992 ----a-w c:\documents and settings\All Users\Application Data\xml5D.tmp
2009-02-20 08:10 . 2006-03-04 03:33 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-03-30 01:21 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2005-03-30 01:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 10:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-06 19:58 . 2008-09-10 17:06 16840 ----a-w c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-06 15:24 . 2008-11-06 15:24 69024 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-09-17 04:12 . 2008-09-17 04:12 128 ----a-w c:\documents and settings\Steve\Local Settings\Application Data\fusioncache.dat
2008-09-17 04:00 . 2008-09-17 04:00 22328 ----a-w c:\documents and settings\Steve\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-06-18 393216]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-26 16132608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-03-19 13224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4408bce-d826-11dd-beee-00173fb1eb1b}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\2fh1ce9s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 16:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-484763869-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,e9,dd,7b,44,fa,40,ca,86,49,42,a5,cb,3f,9d,49,1e,1f,20,e9,09,d5,ac,
28,62,2e,b8,6d,fa,1d,bc,4b,cb,c0,09,40,94,21,54,8f,4f,2e,95,4a,0c,5c,96,b5,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-790525478-484763869-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:49,2d,35,c6,ac,cf,50,fb,fe,f2,43,b7,2c,fe,7e,d2,85,6d,88,1f,7b,
33,80,7e,c7,d1,60,d0,5b,69,1e,41,9f,72,d9,17,80,72,bb,a8,aa,1b,48,9f,c6,b0,\
"rkeysecu"=hex:35,29,40,15,76,24,57,fa,90,be,17,50,03,42,2c,6d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-22 16:13
ComboFix-quarantined-files.txt 2009-04-22 21:13

Pre-Run: 131,104,661,504 bytes free
Post-Run: 131,529,474,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

214 --- E O F --- 2009-04-15 21:21


And here is the OTListIt.txt file:

OTListIt logfile created on: 4/22/2009 4:17:34 PM - Run 11
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.80% Memory free
3.85 Gb Paging File | 3.62 Gb Available in Paging File | 94.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 122.51 Gb Free Space | 52.62% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 115.52 Gb Free Space | 62.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERASMUSMKVII
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Steve\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (SandraAgentSrv [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (BLKWGU(Belkin) [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\BLKWGU.sys (Belkin Corporation)
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (cercsr6 [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (ENTECH [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys (EnTech Taiwan)
DRV - (ggflt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s0016bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016bus.sys (MCCI Corporation)
DRV - (s0016mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016nd5.sys (MCCI Corporation)
DRV - (s0016obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016obex.sys (MCCI Corporation)
DRV - (s0016unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s0016unic.sys (MCCI Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (s616mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mgmt.sys (MCCI Corporation)
DRV - (s616nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616nd5.sys (MCCI Corporation)
DRV - (s616obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616obex.sys (MCCI Corporation)
DRV - (s616unic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616unic.sys (MCCI Corporation)
DRV - (SANDRA [On_Demand | Stopped]) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys (SiSoftware)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ZDPSp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/15 14:11:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/15 18:44:53 | 00,000,000 | ---D | M]

[2009/04/15 14:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions
[2009/04/15 14:11:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/01 12:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions\[email protected]
[2009/03/10 23:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Extensions\[email protected]
[2009/04/22 14:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Firefox\Profiles\2fh1ce9s.default\extensions
[2009/04/16 10:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\mozilla\Firefox\Profiles\2fh1ce9s.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2009/04/22 14:07:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/15 14:11:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/15 18:44:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/26 14:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 14:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{b4408bce-d826-11dd-beee-00173fb1eb1b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/22 16:15:26 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/22 16:04:22 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/22 16:04:18 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/22 16:04:17 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/22 16:03:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/22 16:03:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/22 16:03:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/22 16:03:10 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/22 16:03:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/22 16:03:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/22 16:03:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/22 16:03:10 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/22 16:02:55 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/04/22 16:02:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/22 16:00:43 | 02,999,323 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\Combo-Fix.exe
[2009/04/21 22:49:44 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTListIt2.exe
[2009/04/21 21:15:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\avz4
[2009/04/21 20:51:52 | 04,626,422 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\avz4.zip
[2009/04/21 13:23:00 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/21 11:11:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/04/21 03:29:53 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\GooredFix.exe
[2009/04/20 13:15:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/20 13:15:24 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\NTREGOPT.lnk
[2009/04/20 13:15:24 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ERUNT.lnk
[2009/04/20 13:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 13:14:17 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Steve\Desktop\erunt_setup.exe
[2009/04/20 10:34:29 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2009/04/18 18:13:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\New Folder
[2009/04/17 17:20:48 | 00,000,928 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to BurnoutParadise.exe.lnk
[2009/04/17 16:59:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Criterion Games
[2009/04/17 16:56:39 | 00,000,000 | ---D | C] -- C:\ProgramData
[2009/04/17 16:37:10 | 00,020,963 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Burnout_Paradise_(no-cd)_Crack___KeyGen_[PC].4719079.TPB(2).torrent
[2009/04/17 16:36:07 | 00,020,963 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Burnout_Paradise_(no-cd)_Crack___KeyGen_[PC].4719079.TPB.torrent
[2009/04/16 06:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/15 14:11:18 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/15 14:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/15 07:41:11 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HijackThis.lnk
[2009/04/15 07:41:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/14 16:19:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:19:29 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:19:29 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:19:29 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:19:29 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:19:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:19:28 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:19:28 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:19:28 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:18:43 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 16:18:43 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 16:18:43 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/12 09:06:39 | 00,018,913 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Painkiller_patches.4530398.TPB.torrent
[2009/04/11 18:33:53 | 00,794,694 | ---- | C] () -- C:\WINDOWS\easterwp.bmp
[2009/04/06 09:01:17 | 00,015,719 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Burnout.Paradise.The.Ultimate.Box-RELOADED.4821127.TPB.torrent
[2009/04/01 07:11:55 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Portal info.doc
[2009/03/23 16:41:23 | 00,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\American McGee's Alice™.lnk
[2008/10/24 15:29:27 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/20 10:08:20 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/16 12:30:08 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/09/13 11:26:28 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/08/04 05:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/22 16:13:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/22 16:12:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/22 16:10:26 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/04/22 16:10:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/22 16:10:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 16:10:15 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/04/22 16:04:22 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/22 16:00:43 | 02,999,323 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\Combo-Fix.exe
[2009/04/22 11:44:37 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 10:51:32 | 00,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/04/21 22:49:46 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTListIt2.exe
[2009/04/21 20:52:40 | 04,626,422 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\avz4.zip
[2009/04/21 13:23:10 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/21 09:58:08 | 00,109,568 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/21 03:29:53 | 00,094,208 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\GooredFix.exe
[2009/04/20 13:15:24 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\NTREGOPT.lnk
[2009/04/20 13:15:24 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ERUNT.lnk
[2009/04/20 13:14:21 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Steve\Desktop\erunt_setup.exe
[2009/04/20 10:34:45 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Steve\Desktop\mbam-setup.exe
[2009/04/17 17:20:48 | 00,000,928 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Shortcut to BurnoutParadise.exe.lnk
[2009/04/17 16:37:11 | 00,020,963 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Burnout_Paradise_(no-cd)_Crack___KeyGen_[PC].4719079.TPB(2).torrent
[2009/04/17 16:36:07 | 00,020,963 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Burnout_Paradise_(no-cd)_Crack___KeyGen_[PC].4719079.TPB.torrent
[2009/04/15 14:11:18 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/15 07:41:11 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HijackThis.lnk
[2009/04/14 17:18:52 | 00,516,186 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/14 17:18:52 | 00,436,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/14 17:18:52 | 00,070,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 17:06:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/12 09:06:29 | 00,018,913 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Painkiller_patches.4530398.TPB.torrent
[2009/04/11 18:33:53 | 00,794,694 | ---- | M] () -- C:\WINDOWS\easterwp.bmp
[2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 09:01:13 | 00,015,719 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Burnout.Paradise.The.Ultimate.Box-RELOADED.4821127.TPB.torrent
[2009/04/01 07:12:02 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Portal info.doc
[2009/03/27 01:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/23 16:41:23 | 00,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\American McGee's Alice™.lnk

========== LOP Check ==========

[6 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/04/21 13:28:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/09/11 00:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/12 16:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/12 16:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/12/02 15:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/04/21 13:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/18 16:06:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/16 12:26:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/10 13:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2008/11/06 10:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/09/16 12:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/04/21 11:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/11 00:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/11/09 14:38:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/16 12:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/09/20 10:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/03/18 11:29:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/03/18 16:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/04/17 21:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/09/16 22:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/01 12:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/03/05 10:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/09/17 18:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/09/20 10:09:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/10/06 21:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/19 10:16:24 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Steve\Application Data
[2008/09/11 00:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Adobe
[2008/09/22 19:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Amazon
[2009/01/28 23:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Apple Computer
[2008/09/17 10:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ATI
[2009/01/13 10:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2008/10/08 21:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Canon
[2008/09/25 13:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Digital Red
[2008/09/10 13:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\EA
[2008/10/28 18:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Google
[2008/09/10 22:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Identities
[2008/09/20 10:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\InstallShield
[2009/01/01 07:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Jägermeister RadioPlayer
[2009/03/11 00:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LimeWire
[2008/09/10 21:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Macromedia
[2009/04/22 10:15:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Steve\Application Data\Microsoft
[2009/01/01 12:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla
[2009/04/20 10:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\OpenOffice.org2
[2009/02/12 11:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Pingus
[2008/09/10 21:58:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Pogo Games
[2009/01/06 23:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Real
[2009/01/30 16:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Roxio
[2008/09/16 12:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ScanSoft
[2008/09/16 23:12:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Steve\Application Data\SecuROM
[2009/03/18 16:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/09/10 13:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sun
[2008/09/10 13:36:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Talkback
[2009/01/01 12:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\TomTom
[2008/09/17 18:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Ubisoft
[2009/04/20 18:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\uTorrent
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/22 16:13:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA975924
< End of report >

Once again, thank you and all your fellows for all you do.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that looks much better. I will sweep for orphans now - how is the computer running? Any redirects?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
PoppaSteve

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything is running better--I must have had a lot of garbage in here I didn't even have a clue about.

The redirects are gone, I was able to reinstall my AVG, and Malwarebytes worked like a charm:


Malwarebytes' Anti-Malware 1.36
Database version: 2031
Windows 5.1.2600 Service Pack 3

4/23/2009 6:44:40 AM
mbam-log-2009-04-23 (06-44-40).txt

Scan type: Quick Scan
Objects scanned: 72863
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you so very much!

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In the words of the immoral bard young sir ......

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
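
The "remove all older versions of Java" step from the post above, as an added example that is not part of the original thread: it maps Add/Remove Programs display names onto (major, update) pairs and lists the JRE entries older than the JRE 6 Update 13 the post names. The display-name patterns and the sample list are assumptions constructed for illustration.

```python
import re

# Baseline taken from the post above: JRE 6 Update 13.
BASELINE = (6, 13)

# Display-name shapes for Sun JRE entries in Add/Remove Programs.
# These patterns are this example's assumption, not taken from the thread.
_PATTERNS = [
    # "Java(TM) 6 Update 7", "Java(TM) SE Runtime Environment 6 Update 1"
    re.compile(r"Java\(TM\)(?: SE Runtime Environment)? (\d+)(?: Update (\d+))?$"),
    # "J2SE Runtime Environment 5.0 Update 11"
    re.compile(r"J2SE Runtime Environment (\d+)\.0(?: Update (\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2_06"
    re.compile(r"Java 2 Runtime Environment, SE v1\.(\d+)\.\d+(?:_(\d+))?$"),
]

def parse_jre(display_name):
    """Return (major, update) for a JRE entry, or None if it is not a JRE."""
    name = display_name.strip()
    for pat in _PATTERNS:
        m = pat.search(name)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def outdated_jres(display_names, baseline=BASELINE):
    """Names of JRE entries older than the baseline, oldest first."""
    found = []
    for name in display_names:
        ver = parse_jre(name)
        if ver is not None and ver < baseline:
            found.append((ver, name.strip()))
    return [name for _, name in sorted(found)]

# Constructed sample of an Add/Remove Programs list (not from the thread).
SAMPLE = [
    "Adobe Reader 9",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_06",
    "Java(TM) 6 Update 13",
    "Java(TM) SE Development Kit 6 Update 7",  # JDK, not a JRE: ignored
]

if __name__ == "__main__":
    for entry in outdated_jres(SAMPLE):
        print("remove:", entry)
```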

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.