Help! Browser redirect virus [Solved]


  • This topic is locked

#16
gfen

  • Topic Starter
  • Member
  • 14 posts

Malwarebytes' Anti-Malware 1.44
Database version: 3642
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/26/2010 4:16:58 PM
mbam-log-2010-01-26 (16-16-58).txt

Scan type: Quick Scan
Objects scanned: 101011
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#17
gfen

  • Topic Starter
  • Member
  • 14 posts

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Java DB 10.5.3.0
Java™ 6 Update 18
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 18
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#18
hammerman

    Member 4k

  • Member
  • 4,183 posts

Hi,

Please use JavaRa or Add/Remove Programs to remove the old Java versions.

Then...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan spyware, adware, diallers and other riskware
      Scan Archives
      Scan E-mail databases
  • Click Save
  • Now under Scan, select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#19
gfen

  • Topic Starter
  • Member
  • 14 posts

nothing was found

#20
hammerman

    Member 4k

  • Member
  • 4,183 posts

Hi,

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#21
gfen

  • Topic Starter
  • Member
  • 14 posts

OTL logfile created on: 1/27/2010 6:55:00 AM - Run 3
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Greg\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.95 Gb Total Space | 208.01 Gb Free Space | 72.24% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.62 Gb Free Space | 46.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: Greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Greg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Greg\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Ati External Event Utility) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\System32\CTSVCCDA.EXE (Creative Technology Ltd)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.39
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.0.19
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/26 19:28:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 19:45:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 21:48:35 | 00,000,000 | ---D | M]

[2009/07/05 11:09:15 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2009/07/05 11:09:15 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/01/26 21:48:22 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\3fwmmlgh.default\extensions
[2010/01/26 19:20:57 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\3fwmmlgh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/15 18:48:53 | 00,000,000 | ---D | M] (Yahoo! Mail Notifier) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\3fwmmlgh.default\extensions\{89f8dde0-010a-11da-8cd6-0800200c9a66}
[2010/01/26 21:48:16 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\3fwmmlgh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/11 17:20:48 | 00,002,172 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\3fwmmlgh.default\searchplugins\bing.xml
[2010/01/26 16:32:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/18 19:44:59 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/26 19:24:27 | 00,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/26 21:48:30 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/01/26 21:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/01/26 19:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/26 19:23:08 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/01/26 19:23:08 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/26 16:31:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/26 16:31:49 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/01/26 15:28:02 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/26 15:28:00 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/26 15:28:00 | 00,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\temp
[2010/01/26 15:19:49 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/26 15:19:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/26 14:28:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/26 14:28:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/26 14:28:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/26 14:27:47 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/26 14:22:01 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/26 11:42:58 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2010/01/26 11:32:53 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/26 11:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/26 11:31:18 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Greg\Desktop\erunt_setup.exe
[2010/01/26 11:25:36 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\TFC.exe
[2010/01/25 16:58:45 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/25 16:57:31 | 00,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/25 16:57:31 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/25 16:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/25 08:24:22 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/01/25 08:24:21 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/01/25 08:24:19 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/01/25 08:24:17 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/01/25 08:24:14 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/01/25 08:22:53 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/01/25 08:22:53 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/01/25 08:22:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/01/25 07:58:21 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/22 10:20:36 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/01/21 18:59:24 | 00,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Malwarebytes
[2010/01/21 18:59:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/21 18:59:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/21 18:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/21 18:59:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/21 18:19:10 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/20 08:05:28 | 00,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\dvdcss
[2010/01/20 07:46:45 | 00,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\vlc
[2010/01/20 07:40:58 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 14 Days ==========

[2010/01/27 06:54:47 | 02,621,440 | -HS- | M] () -- C:\Users\Greg\ntuser.dat
[2010/01/27 06:53:28 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1225084969-3175546449-1657989812-1000UA.job
[2010/01/27 06:53:28 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/27 06:53:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/27 06:53:10 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 06:53:09 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/26 21:48:05 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4BE4FC7-364D-40CB-90D9-71BCE02F7D50}.job
[2010/01/26 21:36:24 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/26 19:43:24 | 00,006,944 | ---- | M] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
[2010/01/26 19:43:17 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/01/26 19:43:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/26 19:43:03 | 32,158,67904 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 19:41:59 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/26 19:41:57 | 00,524,288 | -HS- | M] () -- C:\Users\Greg\NTUSER.DAT{9058b0b3-84d1-11de-9460-00217090a523}.TMContainer00000000000000000001.regtrans-ms
[2010/01/26 19:41:57 | 00,065,536 | -HS- | M] () -- C:\Users\Greg\NTUSER.DAT{9058b0b3-84d1-11de-9460-00217090a523}.TM.blf
[2010/01/26 19:41:50 | 02,228,030 | -H-- | M] () -- C:\Users\Greg\AppData\Local\IconCache.db
[2010/01/26 19:03:41 | 00,002,659 | ---- | M] () -- C:\Users\Greg\Desktop\kap.html
[2010/01/26 16:33:21 | 00,843,187 | ---- | M] () -- C:\Users\Greg\Desktop\SecurityCheck.exe
[2010/01/26 16:20:28 | 00,071,798 | ---- | M] () -- C:\Users\Greg\Desktop\JavaRa.zip
[2010/01/26 16:03:51 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\TFC.exe
[2010/01/26 15:25:47 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/26 14:26:08 | 03,837,151 | R--- | M] () -- C:\Users\Greg\Desktop\ComboFix.exe
[2010/01/26 13:33:53 | 00,284,915 | ---- | M] () -- C:\Users\Greg\Desktop\gmer.zip
[2010/01/26 11:43:01 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2010/01/26 11:31:24 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Greg\Desktop\erunt_setup.exe
[2010/01/26 09:21:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1225084969-3175546449-1657989812-1000Core.job
[2010/01/25 16:57:34 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/25 15:00:01 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/25 15:00:01 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/25 15:00:01 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/25 08:37:50 | 00,000,000 | ---- | M] () -- C:\Users\Greg\AppData\Local\prvlcl.dat
[2010/01/25 08:24:23 | 00,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/01/25 08:24:14 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/01/22 07:46:46 | 63,983,681 | ---- | M] () -- C:\Users\Greg\Documents\107_0391.MOV
[2010/01/21 18:59:21 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 15:11:02 | 00,000,024 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\anvkgp.dat
[2010/01/21 12:01:58 | 28,149,660 | ---- | M] () -- C:\Users\Greg\Documents\107_0390.MOV
[2010/01/21 11:59:00 | 09,229,385 | ---- | M] () -- C:\Users\Greg\Documents\107_0389.MOV
[2010/01/21 11:58:34 | 29,171,112 | ---- | M] () -- C:\Users\Greg\Documents\107_0388.MOV
[2010/01/21 11:53:30 | 14,978,876 | ---- | M] () -- C:\Users\Greg\Documents\107_0387.MOV
[2010/01/21 11:53:08 | 41,865,969 | ---- | M] () -- C:\Users\Greg\Documents\107_0386.MOV
[2010/01/21 11:52:02 | 06,239,044 | ---- | M] () -- C:\Users\Greg\Documents\107_0385.MOV
[2010/01/21 11:51:28 | 08,679,938 | ---- | M] () -- C:\Users\Greg\Documents\107_0384.MOV
[2010/01/21 11:50:08 | 28,060,561 | ---- | M] () -- C:\Users\Greg\Documents\107_0383.MOV
[2010/01/21 11:49:50 | 06,810,569 | ---- | M] () -- C:\Users\Greg\Documents\107_0382.MOV
[2010/01/21 11:49:04 | 75,866,304 | ---- | M] () -- C:\Users\Greg\Documents\107_0381.MOV
[2010/01/21 11:27:22 | 17,737,685 | ---- | M] () -- C:\Users\Greg\Documents\107_0380.MOV
[2010/01/21 11:26:50 | 18,770,009 | ---- | M] () -- C:\Users\Greg\Documents\107_0379.MOV
[2010/01/21 11:26:10 | 17,555,488 | ---- | M] () -- C:\Users\Greg\Documents\107_0378.MOV
[2010/01/21 11:25:22 | 22,825,865 | ---- | M] () -- C:\Users\Greg\Documents\107_0377.MOV
[2010/01/21 11:25:06 | 07,649,170 | ---- | M] () -- C:\Users\Greg\Documents\107_0376.MOV
[2010/01/21 11:24:48 | 36,681,885 | ---- | M] () -- C:\Users\Greg\Documents\107_0375.MOV
[2010/01/21 11:09:50 | 56,063,448 | ---- | M] () -- C:\Users\Greg\Documents\107_0374.MOV
[2010/01/21 11:08:46 | 70,950,618 | ---- | M] () -- C:\Users\Greg\Documents\107_0373.MOV
[2010/01/21 10:57:54 | 50,676,496 | ---- | M] () -- C:\Users\Greg\Documents\107_0372.MOV
[2010/01/21 10:57:10 | 48,806,566 | ---- | M] () -- C:\Users\Greg\Documents\107_0371.MOV
[2010/01/21 10:43:00 | 75,643,477 | ---- | M] () -- C:\Users\Greg\Documents\107_0370.MOV
[2010/01/21 10:41:12 | 15,161,4152 | ---- | M] () -- C:\Users\Greg\Documents\107_0369.MOV
[2010/01/21 10:37:34 | 07,371,498 | ---- | M] () -- C:\Users\Greg\Documents\107_0368.MOV
[2010/01/21 10:28:50 | 62,147,8656 | ---- | M] () -- C:\Users\Greg\Documents\107_0367.MOV
[2010/01/20 08:03:01 | 00,014,848 | ---- | M] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 07:41:04 | 00,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/19 08:13:58 | 00,162,640 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/01/19 06:57:59 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/01/19 06:57:39 | 00,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/01/19 06:46:52 | 00,046,544 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/01/19 06:43:40 | 00,023,248 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/01/19 06:43:23 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/01/19 06:42:57 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010/01/26 19:03:40 | 00,002,659 | ---- | C] () -- C:\Users\Greg\Desktop\kap.html
[2010/01/26 16:33:17 | 00,843,187 | ---- | C] () -- C:\Users\Greg\Desktop\SecurityCheck.exe
[2010/01/26 16:20:27 | 00,071,798 | ---- | C] () -- C:\Users\Greg\Desktop\JavaRa.zip
[2010/01/26 14:28:11 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/26 14:28:11 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/26 14:28:11 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/26 14:28:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/26 14:28:11 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/26 14:25:58 | 03,837,151 | R--- | C] () -- C:\Users\Greg\Desktop\ComboFix.exe
[2010/01/26 13:33:48 | 00,284,915 | ---- | C] () -- C:\Users\Greg\Desktop\gmer.zip
[2010/01/25 16:57:34 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/25 08:24:23 | 00,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/01/22 07:57:50 | 07,371,498 | ---- | C] () -- C:\Users\Greg\Documents\107_0368.MOV
[2010/01/22 07:57:50 | 06,810,569 | ---- | C] () -- C:\Users\Greg\Documents\107_0382.MOV
[2010/01/22 07:57:49 | 08,679,938 | ---- | C] () -- C:\Users\Greg\Documents\107_0384.MOV
[2010/01/22 07:57:49 | 07,649,170 | ---- | C] () -- C:\Users\Greg\Documents\107_0376.MOV
[2010/01/22 07:57:48 | 09,229,385 | ---- | C] () -- C:\Users\Greg\Documents\107_0389.MOV
[2010/01/22 07:57:47 | 14,978,876 | ---- | C] () -- C:\Users\Greg\Documents\107_0387.MOV
[2010/01/22 07:57:44 | 17,555,488 | ---- | C] () -- C:\Users\Greg\Documents\107_0378.MOV
[2010/01/22 07:57:42 | 17,737,685 | ---- | C] () -- C:\Users\Greg\Documents\107_0380.MOV
[2010/01/22 07:57:40 | 18,770,009 | ---- | C] () -- C:\Users\Greg\Documents\107_0379.MOV
[2010/01/22 07:57:37 | 22,825,865 | ---- | C] () -- C:\Users\Greg\Documents\107_0377.MOV
[2010/01/22 07:57:34 | 28,060,561 | ---- | C] () -- C:\Users\Greg\Documents\107_0383.MOV
[2010/01/22 07:57:30 | 28,149,660 | ---- | C] () -- C:\Users\Greg\Documents\107_0390.MOV
[2010/01/22 07:57:25 | 29,171,112 | ---- | C] () -- C:\Users\Greg\Documents\107_0388.MOV
[2010/01/22 07:57:20 | 36,681,885 | ---- | C] () -- C:\Users\Greg\Documents\107_0375.MOV
[2010/01/22 07:57:13 | 41,865,969 | ---- | C] () -- C:\Users\Greg\Documents\107_0386.MOV
[2010/01/22 07:57:06 | 48,806,566 | ---- | C] () -- C:\Users\Greg\Documents\107_0371.MOV
[2010/01/22 07:56:58 | 50,676,496 | ---- | C] () -- C:\Users\Greg\Documents\107_0372.MOV
[2010/01/22 07:56:50 | 56,063,448 | ---- | C] () -- C:\Users\Greg\Documents\107_0374.MOV
[2010/01/22 07:56:39 | 63,983,681 | ---- | C] () -- C:\Users\Greg\Documents\107_0391.MOV
[2010/01/22 07:56:27 | 70,950,618 | ---- | C] () -- C:\Users\Greg\Documents\107_0373.MOV
[2010/01/22 07:56:15 | 75,866,304 | ---- | C] () -- C:\Users\Greg\Documents\107_0381.MOV
[2010/01/22 07:55:50 | 15,161,4152 | ---- | C] () -- C:\Users\Greg\Documents\107_0369.MOV
[2010/01/22 07:53:38 | 62,147,8656 | ---- | C] () -- C:\Users\Greg\Documents\107_0367.MOV
[2010/01/22 07:53:17 | 75,643,477 | ---- | C] () -- C:\Users\Greg\Documents\107_0370.MOV
[2010/01/22 07:49:26 | 06,239,044 | ---- | C] () -- C:\Users\Greg\Documents\107_0385.MOV
[2010/01/21 18:59:21 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/21 15:11:02 | 00,000,024 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\anvkgp.dat
[2010/01/20 07:41:04 | 00,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/18 19:24:58 | 00,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2009/12/15 07:00:40 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/25 13:40:25 | 00,000,000 | ---- | C] () -- C:\Users\Greg\AppData\Local\prvlcl.dat
[2009/09/22 10:48:15 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/20 08:18:27 | 00,014,848 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/17 17:01:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 09:04:08 | 00,001,036 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\wklnhst.dat
[2009/07/10 22:20:15 | 00,006,944 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
[2009/06/20 08:32:07 | 00,024,064 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\UserTile.png
[2009/06/20 08:20:55 | 00,008,248 | ---- | C] () -- C:\Users\Greg\AppData\Local\en.ini
[2009/03/02 15:41:55 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/02 14:10:12 | 00,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/03/02 14:10:11 | 00,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/03/02 14:10:11 | 00,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/12/13 17:44:55 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Any Video Converter
[2009/09/18 19:45:24 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Foxit
[2009/10/19 17:48:12 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Foxit Software
[2009/11/27 10:25:41 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\IObit
[2010/01/26 19:41:11 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\LimeWire
[2009/06/20 08:32:07 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PeerNetworking
[2009/09/22 10:35:34 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Template
[2010/01/26 19:43:17 | 00,000,368 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/01/26 19:42:00 | 00,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/26 21:48:05 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D4BE4FC7-364D-40CB-90D9-71BCE02F7D50}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
  • 0
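The file, folder and alternate-data-stream lines in the OTL report above follow a fixed layout, so they can be parsed and sorted for review. This is an added example, not part of the original post or of OTL itself; the rules in `review_reasons` are assumptions chosen for illustration, and a flagged entry is a prompt for a closer look, not a verdict.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the OTL report above.
SAMPLE = r"""
[2010/01/26 14:28:11 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/22 07:55:50 | 15,161,4152 | ---- | C] () -- C:\Users\Greg\Documents\107_0369.MOV
[2010/01/19 08:13:58 | 00,162,640 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/12/15 07:00:40 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/13 17:44:55 | 00,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Any Video Converter
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
""".strip().splitlines()

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4})"
    r" \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

def parse_line(line):
    """Return a dict for a file, folder or ADS line; None for headers and blanks."""
    if m := FILE_RE.match(line):
        return {"type": "dir" if "D" in m["attrs"] else "file",
                "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                # Two sizes in this report are grouped as "15,161,4152": drop separators.
                "size": int(m["size"].replace(",", "")),
                "hidden": "H" in m["attrs"],
                "event": "created" if m["kind"] == "C" else "modified",
                "company": m["company"] or None, "path": m["path"]}
    if m := ADS_RE.match(line):
        return {"type": "ads", "size": int(m["size"]), "path": m["path"], "stream": m["stream"]}

def review_reasons(rec):
    """Assumed triage heuristics (not OTL's own logic): why to look at an entry first."""
    if rec["type"] == "ads":
        return ["alternate data stream"]
    reasons = ["hidden attribute"] if rec["hidden"] else []
    path = rec["path"].lower()
    if (rec["type"] == "file" and not rec["company"]
            and path.startswith("c:\\windows\\") and path.endswith(EXEC_EXT)):
        reasons.append("executable with no company name under C:\\Windows")
    return reasons

def triage(lines):
    parsed = (parse_line(line) for line in lines)
    return [(r["path"], review_reasons(r)) for r in parsed if r and review_reasons(r)]

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "->", "; ".join(why))
```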

#22
hammerman

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

Apart from this, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0

#23
gfen

  • Topic Starter
Thank you so much! Everything seems to be working fine. I really appreciate your help.
Greg
  • 0

#24
hammerman

Hi,

My pleasure. Stay safe :)
  • 0

#25
hammerman

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
