Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

search engine redirect problem


  • This topic is locked This topic is locked

#1
Smackalistair

Smackalistair

    Member

  • Member
  • PipPip
  • 10 posts
Hi,

for the last few weeks I've had a search engine redirect problem. Whenever I go to search engione links i get redirected by "
bywill.net" to something else. its not been to anywahere bad but it's very annoying.

I've run malwarebytes and superantispyware and removesd a few issues...cant recall what they were specifically i'm sorry.

have run tdss killer - nothing found.

At present malwarebytes states it detects no malicious items but it is blocking the following attempts to access websites:

17:45:07 (null) MESSAGE Scheduled update executed successfully
18:13:16 Stew MESSAGE Protection started successfully
18:13:44 Stew MESSAGE IP Protection started successfully
18:13:44 Stew MESSAGE IP Protection stopped
18:13:48 Stew MESSAGE Database updated successfully
18:13:50 Stew MESSAGE IP Protection started successfully
18:14:10 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:14:10 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:14:13 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:14:17 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:35:47 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:35:49 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:35:53 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)
18:56:09 Stew IP-BLOCK 200.63.43.50 (Type: outgoing)
18:57:07 Stew IP-BLOCK 195.244.128.36 (Type: outgoing)


Superantispyware has listed a broken file association...copied and pasted from the scan:..

Listed below is basic information about the detected application/process. This application may not be safe to have on your system.

Summary : System.BrokenFileAssociation.Setting

Company : Unknown

Description : Critical Windows file associations have been corrupted

Threat Level (1-10) : 5

Processes :



I'm guessing that malwarebytes is preventing the redirect with the website blocking , and I also presume the broken file association is pertinent to the issue.

I'd really appreciate some assistance in how to fix this issue.

i've run OTL - results are as follows.

thanks in advance for your input..Stew




OTL logfile created on: 7/06/2011 6:24:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Stew\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.24 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 60.04% Memory free
5.09 Gb Paging File | 3.63 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 411.08 Gb Free Space | 88.26% Space Free | Partition Type: NTFS

Computer Name: STEWS | User Name: Stew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 18:23:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stew\My Documents\Downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/23 23:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/07 13:53:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/22 16:51:04 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/01/15 20:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/08 08:29:44 | 000,055,016 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 18:23:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stew\My Documents\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/15 20:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 08:29:44 | 000,055,016 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/29 12:34:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/12/17 14:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 14:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 14:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 14:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/12/13 11:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/24 10:21:46 | 000,040,448 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/07/03 17:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008/01/03 22:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/20 19:51:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 13:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 13:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 23:12:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/20 22:25:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/19 22:54:16 | 000,000,000 | ---D | M]

[2010/09/24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions
[2010/09/24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/11/26 07:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/05/06 21:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions
[2010/05/04 07:51:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 18:56:27 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/04/13 23:25:05 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/01/19 18:01:38 | 000,000,000 | ---D | M] (Read It Later) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\[email protected]
[2011/05/03 20:36:53 | 000,000,000 | ---D | M] ("MemberPlugin") -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\[email protected]
[2011/05/06 21:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 23:12:23 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/08/04 23:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2011/05/07 13:53:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/05/07 13:53:10 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/31 20:09:08 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110424135125.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 17:10:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{7696b3a8-f5a7-11de-8265-0021855e10d7}\Shell\AutoRun\command - "" = E:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell - "" = AutoRun
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 17:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/06 21:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\SUPERAntiSpyware.com
[2011/06/06 21:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/06 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/06 20:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/06 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2011/06/05 18:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/05 18:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/05 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 19:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\Malwarebytes
[2011/06/04 19:25:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/04 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/04 19:25:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/04 19:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 15:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\Uniblue
[2011/06/04 15:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/06/04 15:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Local Settings\Application Data\PackageAware
[2011/06/01 14:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/01 13:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Local Settings\Application Data\Citrix
[2011/06/01 13:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\McAfee
[2011/05/30 20:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/26 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stew\Desktop\TDSSKiller.exe
[2011/05/24 07:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/24 07:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/24 07:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2009/11/28 18:32:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 18:23:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 18:17:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/07 18:12:53 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 17:44:05 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2011/06/07 17:43:54 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\XTXGLFLMS.job
[2011/06/07 17:43:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 21:29:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/05 18:22:54 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/05 18:16:23 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/06/04 19:25:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 13:49:40 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Stew\default.pls
[2011/06/03 13:49:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/02 23:47:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/02 22:53:08 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Stew\Desktop\sdsetup.exe
[2011/06/02 22:40:00 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/02 20:30:15 | 000,643,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/02 20:29:11 | 000,012,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 23:57:51 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to stinger10101629(1).lnk
[2011/06/01 13:51:45 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\Stew\GoToAssistDownloadHelper.exe
[2011/05/30 20:20:54 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stew\Desktop\TDSSKiller.exe
[2011/05/21 19:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 20:51:02 | 000,062,516 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/15 20:57:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 21:29:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/05 18:22:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/04 19:25:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 22:53:19 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Stew\Desktop\sdsetup.exe
[2011/06/02 20:30:32 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/01 23:57:51 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to stinger10101629(1).lnk
[2011/06/01 13:51:41 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Stew\GoToAssistDownloadHelper.exe
[2011/06/01 13:38:54 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/01 13:38:08 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/05/30 20:20:54 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/04/28 15:42:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0623.old
[2011/04/28 08:54:41 | 000,015,088 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
[2011/04/28 08:54:40 | 000,015,088 | -HS- | C] () -- C:\Documents and Settings\Stew\Local Settings\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
[2011/04/26 07:56:13 | 000,194,048 | RHS- | C] () -- C:\WINDOWS\System32\mountvolw.dll
[2011/04/16 23:17:22 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Stew\Application Data\setup_ldm.iss
[2010/07/06 19:33:58 | 000,077,373 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/20 19:51:02 | 000,023,109 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/06/19 22:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/06/19 20:20:37 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/06/19 17:47:29 | 000,188,667 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/06/19 17:47:29 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/06/12 19:45:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2010/06/12 19:45:24 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/04/06 11:17:29 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Customize.ini
[2009/11/28 18:32:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\bs_read.dll
[2009/11/28 18:32:21 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/11/28 18:27:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/28 18:26:44 | 000,000,021 | ---- | C] () -- C:\WINDOWS\sage.ini
[2009/10/11 00:06:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/10/11 00:06:05 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/10/11 00:06:05 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/03/21 19:23:43 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/08 19:46:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/04 19:31:09 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2009/02/17 21:37:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/07 16:15:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/07 15:43:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/02/07 15:26:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/28 08:13:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ENROLL.INI
[2008/11/28 06:18:19 | 000,001,052 | ---- | C] () -- C:\WINDOWS\VTCONN.INI
[2008/11/28 06:02:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2008/11/28 06:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/11/27 08:24:43 | 000,062,516 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/23 07:49:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/11/22 18:38:56 | 000,003,480 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/21 21:42:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Stew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 21:15:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/21 21:09:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 13:42:39 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/10/09 11:21:55 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/10/09 11:21:53 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/10/09 11:21:53 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/10/09 11:21:52 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/10/09 11:21:52 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2008/10/09 10:15:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/09 09:32:30 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/09 09:32:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/10/09 09:32:29 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/09 09:20:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/10/09 08:52:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/09 01:05:05 | 000,004,300 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/09 01:04:17 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 17:11:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 17:09:24 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/17 02:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/17 02:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/17 02:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/17 02:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/17 02:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/17 02:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 02:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/17 02:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/17 02:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,531,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,105,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/11/14 17:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/02/22 17:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 17:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 17:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 17:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

Advertisements


#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello smackalistair and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

Edited by Homburg, 11 June 2011 - 06:37 AM.

  • 0

#3
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks, I'm looking forward to your input

cheers

Stew
  • 0

#4
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Can you please do the following:


Step 1 :

Run OTLPosted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
    [2011/06/07 17:43:54 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\XTXGLFLMS.job
    [2011/04/28 08:54:41 | 000,015,088 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
    [2011/04/28 08:54:40 | 000,015,088 | -HS- | C] () -- C:\Documents and Settings\Stew\Local Settings\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
    [2011/04/26 07:56:13 | 000,194,048 | RHS- | C] () -- C:\WINDOWS\System32\mountvolw.dll
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\All Users\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
    C:\Documents and Settings\Stew\Local Settings\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix.txt log
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 3:

Please remember to post in your reply:
OTL fix log
New OTL quickscan log
aswMBR scan log

Homburg
  • 0

#5
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, heres the fix.txt log:

========== OTL ==========
C:\WINDOWS\wc98pp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp\ deleted successfully.
Invalid CLSID key: C:\WINDOWS\wc98pp.dll
File C:\WINDOWS\wc98pp.dll not found.
C:\WINDOWS\tasks\XTXGLFLMS.job moved successfully.
C:\Documents and Settings\All Users\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6 moved successfully.
C:\Documents and Settings\Stew\Local Settings\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6 moved successfully.
C:\WINDOWS\system32\mountvolw.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6 not found.
File\Folder C:\Documents and Settings\Stew\Local Settings\Application Data\6s7j3n5y784145qp541bq567xiv72586o528c6 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Stew\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Stew\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Deb
->Flash cache emptied: 1123 bytes

User: Default User
->Flash cache emptied: 56823 bytes

User: LocalService
->Flash cache emptied: 19933 bytes

User: NetworkService

User: Owner

User: Stew
->Flash cache emptied: 248087 bytes

User: Stews microsoft
->Flash cache emptied: 321 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)
  • 0

#6
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL scan log

OTL logfile created on: 12/06/2011 9:04:47 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Stew\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.24 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 68.27% Memory free
5.09 Gb Paging File | 3.73 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 410.04 Gb Free Space | 88.04% Space Free | Partition Type: NTFS

Computer Name: STEWS | User Name: Stew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\Stew\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Stew\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (MOSUMAC) -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS (--)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (GTNDIS5) -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.iinet.net.au/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/20 19:51:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/26 13:31:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 13:53:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 23:12:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/20 22:25:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/19 22:54:16 | 000,000,000 | ---D | M]

[2010/09/24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions
[2010/09/24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/11/26 07:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/05/06 21:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions
[2010/05/04 07:51:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 18:56:27 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/04/13 23:25:05 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/01/19 18:01:38 | 000,000,000 | ---D | M] (Read It Later) -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\[email protected]
[2011/05/03 20:36:53 | 000,000,000 | ---D | M] ("MemberPlugin") -- C:\Documents and Settings\Stew\Application Data\Mozilla\Firefox\Profiles\rv1a9qx2.default\extensions\[email protected]
[2011/05/06 21:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/04 23:12:23 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/08/04 23:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2011/05/07 13:53:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/05/07 13:53:10 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/08/31 20:09:08 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/10 21:53:07 | 000,000,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110424135125.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/08 17:10:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ee6fe72-3eeb-11df-82e4-0021855e10d7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dad54ad-95c4-11dd-804f-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{7696b3a8-f5a7-11de-8265-0021855e10d7}\Shell\AutoRun\command - "" = E:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79f0dbea-955a-11dd-a42c-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d85ee549-95a8-11dd-a74e-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell - "" = AutoRun
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc900dc8-503b-11df-831b-0023cdb3fa67}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0fad520-4543-11df-82f5-0021855e10d7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 08:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/12 08:31:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 22:48:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/11 14:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/06/10 21:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Desktop\RK_Quarantine
[2011/06/06 21:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\SUPERAntiSpyware.com
[2011/06/06 21:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/06 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/06 20:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/06 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2011/06/05 18:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/05 18:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/05 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/04 19:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\Malwarebytes
[2011/06/04 19:25:26 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/04 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/04 19:25:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/04 19:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 15:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\Uniblue
[2011/06/04 15:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/06/04 15:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Local Settings\Application Data\PackageAware
[2011/06/01 14:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/01 13:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Local Settings\Application Data\Citrix
[2011/06/01 13:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stew\Application Data\McAfee
[2011/05/30 20:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/05/26 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/25 07:10:16 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stew\Desktop\TDSSKiller.exe
[2011/05/24 07:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/24 07:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/24 07:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2009/11/28 18:32:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 08:33:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 08:33:26 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/12 08:33:23 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2011/06/12 08:33:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 08:23:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 19:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/11 16:57:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 22:14:52 | 000,012,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 18:37:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to OTL.exe.lnk
[2011/06/06 21:29:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/05 18:22:54 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/05 18:16:23 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/06/04 19:25:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 13:49:40 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Stew\default.pls
[2011/06/03 13:49:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/02 23:47:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/02 22:53:08 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Stew\Desktop\sdsetup.exe
[2011/06/02 22:40:00 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/02 20:30:15 | 000,643,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/01 23:57:51 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to stinger10101629(1).lnk
[2011/06/01 13:51:45 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\Stew\GoToAssistDownloadHelper.exe
[2011/05/30 20:20:54 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Stew\Desktop\TDSSKiller.exe
[2011/05/19 20:51:02 | 000,062,516 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/15 20:57:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 18:37:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to OTL.exe.lnk
[2011/06/06 21:29:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/05 18:22:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/04 19:25:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 22:53:19 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Stew\Desktop\sdsetup.exe
[2011/06/02 20:30:32 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/01 23:57:51 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Stew\Desktop\Shortcut to stinger10101629(1).lnk
[2011/06/01 13:51:41 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Stew\GoToAssistDownloadHelper.exe
[2011/06/01 13:38:54 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/01 13:38:08 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/05/30 20:20:54 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/04/28 15:42:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0623.old
[2011/04/16 23:17:22 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Stew\Application Data\setup_ldm.iss
[2010/07/06 19:33:58 | 000,077,373 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/06/20 19:51:02 | 000,023,109 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/06/19 22:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/06/19 20:20:37 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/06/19 17:47:29 | 000,188,667 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/06/19 17:47:29 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/06/12 19:45:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2010/06/12 19:45:24 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/04/06 11:17:29 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Customize.ini
[2009/11/28 18:32:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\bs_read.dll
[2009/11/28 18:32:21 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/11/28 18:27:11 | 000,000,904 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/28 18:26:44 | 000,000,021 | ---- | C] () -- C:\WINDOWS\sage.ini
[2009/10/11 00:06:05 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/10/11 00:06:05 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/10/11 00:06:05 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/03/21 19:23:43 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/08 19:46:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/17 21:37:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/07 16:15:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/07 15:43:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/02/07 15:26:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/28 08:13:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ENROLL.INI
[2008/11/28 06:18:19 | 000,001,052 | ---- | C] () -- C:\WINDOWS\VTCONN.INI
[2008/11/28 06:02:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2008/11/28 06:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/11/27 08:24:43 | 000,062,516 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/23 07:49:02 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/11/22 18:38:56 | 000,003,480 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/21 21:42:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Stew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 21:15:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/21 21:09:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/09 13:42:39 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/10/09 11:21:55 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/10/09 11:21:53 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/10/09 11:21:53 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/10/09 11:21:52 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/10/09 11:21:52 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2008/10/09 10:15:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/09 09:32:30 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/09 09:32:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/10/09 09:32:29 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/09 09:20:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/10/09 08:52:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/09 01:05:05 | 000,004,300 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/09 01:04:17 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 17:11:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 17:09:24 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/17 02:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/17 02:31:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/17 02:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/17 02:31:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/17 02:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/17 02:31:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 02:31:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/17 02:31:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/17 02:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/04/14 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 20:00:00 | 000,531,506 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 20:00:00 | 000,105,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/11/14 17:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/02/22 17:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 17:23:00 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 17:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 17:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== LOP Check ==========

[2011/06/01 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/06/12 08:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/06/04 19:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/23 21:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/02 21:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/02 20:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 17:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/04 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/18 21:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\FileZilla
[2009/02/11 18:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\GetRightToGo
[2009/09/30 08:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\gtk-2.0
[2010/01/26 22:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\HomeLoanInterestManagerPro
[2010/08/04 23:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Keynote Systems
[2011/01/01 16:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\KompoZer
[2009/03/21 17:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Leadertech
[2010/03/14 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\OpenCandy
[2008/11/26 07:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Participatory Culture Foundation
[2009/07/06 15:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\PCF-VLC
[2009/02/07 15:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Samsung
[2010/03/14 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\SynthMaker
[2010/09/24 21:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Thunderbird
[2011/06/04 15:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Uniblue
[2009/03/25 17:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stew\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#7
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
aswMBR scan log

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 09:12:44
-----------------------------
09:12:44.953 OS Version: Windows 5.1.2600 Service Pack 3
09:12:44.953 Number of processors: 4 586 0xF0B
09:12:44.953 ComputerName: STEWS UserName: Stew
09:12:45.843 Initialize success
09:13:10.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
09:13:10.718 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
09:13:12.718 Disk 0 MBR read successfully
09:13:12.718 Disk 0 MBR scan
09:13:12.718 Disk 0 Windows XP default MBR code
09:13:14.718 Disk 0 scanning sectors +976768065
09:13:14.750 Disk 0 scanning C:\WINDOWS\system32\drivers
09:13:19.093 Service scanning
09:13:19.937 Disk 0 trace - called modules:
09:13:19.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:13:19.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0cfab8]
09:13:19.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000084[0x8b0d89e8]
09:13:19.953 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b0d7d98]
09:13:19.953 Scan finished successfully
09:13:43.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stew\Desktop\MBR.dat"
09:13:43.250 The log file has been saved successfully to "C:\Documents and Settings\Stew\Desktop\aswMBR.txt"
  • 0

#8
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

How is the PC running now?

Please do a follow up scan with MalwareBytes.

Start Posted Image MalwareBytes
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediantly.

Homburg
  • 0

#9
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

Thanks very much for your assistance with this. Things seem to be running much better and My apologies for the delay in getting back to you.

Things seem fine and I no longer seem to be getting the "bywill.net" search engine redirect.Malwarebytes isn't blocking outgoing attempts to access webs addresses anymore either.

Again, thank you very much for your input on that.

Interestingly though, superantispyware still indicates a broken file association. Should I be concerned about that, or should I put that query in another post.

Oh, before i forget, here's the malwarebytes log fromn the scan I ran as per your advice

alwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6846

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/06/2011 6:22:28 PM
mbam-log-2011-06-13 (18-22-28).txt

Scan type: Quick scan
Objects scanned: 143244
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cheers


Stew
  • 0

#10
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Just as an update to the antispyware problem, I found a fix on one of their forums.

cheers, and thanks once again for your assistance.

Stew
  • 0

Advertisements


#11
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello smackalistair,

Your PC is looking better, we'll just do an online scan now. If this scan is clear we'll do the clean up in the next post.

Please do the following:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Homburg
  • 0

#12
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello Homburg,

Below is the Eset log.txt file.
I'll be away from home for the next four days - not back till Saturday 19th June so if there are any further actions to do I'll need to attend to them then. Thanks very much for all the help so far

Stew

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=d58da3912291f54d9e05f60465a14d99
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-14 06:29:53
# local_time=2011-06-14 02:29:53 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777173 100 75 853605 8538797 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118379
# found=2
# cleaned=2
# scan_time=3659
C:\Documents and Settings\Stew\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\IWONGEI\Installr\1.bin\9uEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi, your logs are now clear of malware :unsure:

We'll now clean your restore points and remove the tools and logs that we've been using.

Reset SR Points/Clean up with OTL:
  • Double-click OTLPosted Image to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [emptytemp]
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Please delete aswMBR and logs from your desktop.



I have a few recommendations to try and prevent further infections.

1. Protection Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and anti virus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

AVG
Avira Free
Avast


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :)

Homburg.
  • 0

#14
Smackalistair

Smackalistair

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Homberg,

I've done all that earlier today. Thanks very much for all your assistance:I no longer have the redirect problem.


cheers

Stew
  • 0

#15
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
That's good to hear :unsure:

Thanks for sticking with it to the end.

Stay safe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP